Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Wasabi.msi

Overview

General Information

Sample name:Wasabi.msi
Analysis ID:1523729
MD5:3b99d6ddf8dda188ba5596d25eb5082d
SHA1:97f0218ba3529184dda5ffad538b2e511c9a11e2
SHA256:fa8b7c248496f1cf913f9691091901c11877070110d240673b3dd947f46093fd
Tags:fakemsiuser-ninjacatcher
Infos:

Detection

Score:26
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Creates autostart registry keys to launch java
Writes a notice file (html or txt) to demand a ransom
Yara detected Generic Downloader
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 1088 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Wasabi.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 2716 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4856 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8954D0F09732CC8C32EC25B7D9AA876D C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • msiexec.exe (PID: 7988 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ZKsnacks\Wasabi Wallet\prerequisites\Wasabi\Wasabi.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7896 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E9EF6AB8F4B248236972964FA7D85355 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files\WasabiWallet\System.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
    C:\Program Files\WasabiWallet\netstandard.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Program Files\WasabiWallet\System.Net.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

        Sigma Signatures

        No Sigma rule has matched

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWalletJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jreJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\libJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jawt.libJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.DispatchProxy.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\binJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\ktab.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legalJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmi\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-string-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Transactions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Numerics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\securityJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\security\public_suffix_list.datJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-handle-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler.managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler.management\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.FileSystem.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.TypeConverter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.rmiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.rmi\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.VisualC.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql.rowsetJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql.rowset\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Numerics.Vectors.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Console.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Drawing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Splat.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.saslJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.sasl\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptokiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Resources.ResourceManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.AccessControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Http.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\netstandard.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Fonts.Inter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jfrJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jfr\profile.jfcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.netJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.net\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jfrJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jfr\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.Xml.Linq.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.unsupportedJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.unsupported\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\e_sqlite3.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.FileProviders.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\javaw.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\clretwrc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.ReactiveUI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\confJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\net.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.JavaScript.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.HttpListener.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\rmiregistry.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.Serialization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Web.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Reactive.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.Linq.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\createdump.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agentJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agent\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebProxy.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\securityJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\README.txtJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscorlib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Metal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encoding.CodePages.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\j2gss.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscordbi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\MicroservicesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\BinariesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\TorJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\.gitattributesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\LegalJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Legal\AssetsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw1.txtJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Security.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.scriptingJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.scripting\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\j2pcsc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.EventBasedAsync.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.pdbJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\TorJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tor\GeoipJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tor\Geoip\geoip6Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.cryptoJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\santuario.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Json.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Emit.ILGeneration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.sasl\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.charsetsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.charsets\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebSockets.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\management\management.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\windowsaccessbridge-64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Configuration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\tzmappingsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\management\jmxremote.password.templateJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Resources.Writer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\limitedJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\limited\default_US_export.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\msquic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfrJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfr\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Win32.Registry.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SkiaSharp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.FreeDesktop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.smartcardioJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.smartcardio\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Numerics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\zip.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jimage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\psfont.properties.jaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\tzdb.datJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Data.DataSetExtensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\awt.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql.rowset\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.net.httpJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.net.http\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.DragAndDrop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Globalization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.Xml.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ServiceProcess.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\java.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WindowsBase.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw2.txtJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.Expressions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.namingJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.naming\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\security\cacertsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgssJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgss\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jfr\default.jfcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktopJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\libpng.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactivity.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\NBitcoin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.net.http\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\management_ext.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.XPath.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xmlJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\xalan.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Controls.TreeDataGrid.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reactive.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jawt.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.Parallel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.IsolatedStorage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\MicroCom.Runtime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jabswitch.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Draggable.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.baseJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\icu.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.X509Certificates.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.Annotations.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\dom.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.net\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ciJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ci\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.CSharp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\zlib.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\nio.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Base.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Timer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jfr.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.httpserverJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.httpserver\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-process-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\fontmanager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Principal.Windows.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Skia.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.TraceSource.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Binder.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedataJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Web.HttpUtility.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Pipes.AccessControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebHeaderCollection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SQLitePCLRaw.provider.e_sqlite3.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.DriveInfo.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.Tools.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.ZipFile.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimitedJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimited\default_local.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-math-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.ReaderWriter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SQLitePCLRaw.batteries_v2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.jgssJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.jgss\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.accessibilityJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.accessibility\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\prefs.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\msvcp140.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.CoreLib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\DynamicData.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ServiceModel.Web.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Transactions.Local.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Collections.Immutable.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\management.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.Uri.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Collections.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Intrinsics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tor\Geoip\geoipJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.TypeExtensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.DesignerSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\rmi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Memory.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\unicode.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\asm.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SQLitePCLRaw.core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Controls.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-time-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\aes.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\colorimaging.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.AccessControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Win32.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.NameResolution.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.xml.domJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.xml.dom\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\freetype.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.OpenGL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.instrumentJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.instrument\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.agentJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.agent\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.runtimeconfig.jsonJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encoding.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.Queryable.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-private-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\lcms.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfr\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\dt_socket.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Desktop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.rmi\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ecJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ec\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-debug-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-localization-l1-2-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\psfontj2d.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.Brotli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sqlJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.transaction.xaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.transaction.xa\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\logging.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.charsets\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-2-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\sunec.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\pkcs11wrapper.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Win32.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.deps.jsonJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Http.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Tasks.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.MemoryMappedFiles.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Handles.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\security\default.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.ThreadPool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\w2k_lsa_auth.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\cldr.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Sockets.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimited\default_US_export.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\clrgc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscorrc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\hostfxr.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\tor.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-datetime-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Formats.Tar.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\bcel.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Loader.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\keytool.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jrt-fs.jarJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Collections.Concurrent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Ping.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\hwi.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\fontconfig.properties.srcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Pipes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\ucrtbase.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Newtonsoft.Json.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Metadata.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jvm.cfgJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.DiagnosticSource.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.Native.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.smartcardio\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.DataContractSerialization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Emit.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Emit.Lightweight.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\jcup.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jaas.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.AspNetCore.WebUtilities.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\modulesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.zipfsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.zipfs\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\QRackers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ObjectModel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.agent\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-profile-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\av_libglesv2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tmds.DBus.Protocol.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\javajpeg.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.OpenSsl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jsound.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.httpserver\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Native.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\public_suffix.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Resources.Reader.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.transaction.xa\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.Process.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jaccesswalker.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.UnmanagedMemoryStream.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\verify.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\fontconfig.bfcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\java.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Tasks.Dataflow.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.prefsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.prefs\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.compilerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.compiler\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encodings.Web.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.VisualBasic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Markup.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\xerces.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Pipelines.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Csp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\hostpolicy.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jlig.jarJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\vcruntime140.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-util-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Algorithms.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.sctpJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.sctp\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Requests.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.datatransferJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.datatransfer\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.zipfs\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Markup.Xaml.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.MicroCom.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ec\ecc.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.instrument\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Quic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Buffers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscordaccore_amd64_amd64_8.0.324.11423.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\mesa3d.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\mlib_image.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.AppContext.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WabiSabi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.XPath.XDocument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Globalization.Calendars.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Drawing.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-memory-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Data.Sqlite.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.scripting\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.XDocument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\c-libutl.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgss\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\opengl.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Themes.Fluent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.authJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.auth\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.naming\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-timezone-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Custom.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\java.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.dynalinkJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.dynalink\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compilerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Globalization.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.seJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.se\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.dynalink\dynalink.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebSockets.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\bitcoind.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Formats.Asn1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.Watcher.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\releaseJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\giflib.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\klist.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\serverJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\server\jvm.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Windows.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\rmid.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Thread.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Mail.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l2-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-string-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\instrument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.Debug.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.pdbJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\harfbuzz.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.NetworkInformation.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jsobjectJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jsobject\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Dynamic.Runtime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ci\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Formatters.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.sctp\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\classlistJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Channels.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encoding.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\wassabee.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Json.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.loggingJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.logging\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jaccessinspector.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmi\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\libHarfBuzzSharp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Principal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.xml.dom\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management.rmiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management.rmi\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Dialogs.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agent\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\net.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\conf\security\policy\README.txtJump to behavior
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aipackagechainer.pdb source: Wasabi.msi
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdbSHA256i source: System.Diagnostics.Debug.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.2.dr
        Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.2.dr
        Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: System.ComponentModel.Primitives.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.2.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdb source: mscorlib.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Cng/Release/net8.0-windows/System.Security.Cryptography.Cng.pdb source: System.Security.Cryptography.Cng.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net8.0/Microsoft.Extensions.Options.pdbSHA256 source: Microsoft.Extensions.Options.dll.2.dr
        Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.2.dr
        Source: Binary string: libGLESv2.dll.pdb source: av_libglesv2.dll.2.dr
        Source: Binary string: Avalonia.Xaml.Interactions.Responsive.pdb source: Avalonia.Xaml.Interactions.Responsive.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256&JU source: System.Security.SecureString.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\native\java.base\java_objs\java.pdb source: java.exe.2.dr
        Source: Binary string: System.Security.Principal.Windows.ni.pdb source: System.Security.Principal.Windows.dll.2.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdbSHA256 source: mscorlib.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: mscordaccore.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256 source: System.Xml.XmlSerializer.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdb source: System.Security.Cryptography.OpenSsl.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: System.Xml.XmlDocument.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256j source: System.Data.DataSetExtensions.dll.2.dr
        Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.2.dr
        Source: Binary string: vcruntime140.amd64.pdbGCTL source: vcruntime140.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdb source: System.Diagnostics.Debug.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb source: mscorrc.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: Microsoft.Win32.Primitives.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.2.dr
        Source: Binary string: WalletWasabi.Fluent.Desktop\obj\Release\net8.0\win-x64\WalletWasabi.Fluent.Desktop.pdb source: WalletWasabi.Fluent.Desktop.dll.2.dr
        Source: Binary string: System.Private.DataContractSerialization.ni.pdb source: System.Private.DataContractSerialization.dll.2.dr
        Source: Binary string: D:\a\1\s\externals\skia\out\windows\x64\libSkiaSharp.pdb source: libSkiaSharp.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net8.0/Microsoft.Extensions.Options.pdb source: Microsoft.Extensions.Options.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\jdk.security.auth\jaas.pdb source: jaas.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256l source: Microsoft.Win32.Primitives.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdb source: System.Security.SecureString.dll.2.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Wasabi.msi, MSIB640.tmp.0.dr, MSIB514.tmp.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdbSHA256 source: System.Security.Cryptography.OpenSsl.dll.2.dr
        Source: Binary string: vcruntime140.amd64.pdb source: vcruntime140.dll.2.dr
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.2.dr
        Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.2.dr
        Source: Binary string: WalletWasabi.Fluent.Desktop\obj\Release\net8.0\win-x64\WalletWasabi.Fluent.Desktop.pdbSHA256 source: WalletWasabi.Fluent.Desktop.dll.2.dr
        Source: Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Private.DataContractSerialization/Release/net8.0/System.Private.DataContractSerialization.pdb source: System.Private.DataContractSerialization.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net8.0/Microsoft.Extensions.Logging.Abstractions.pdbSHA256 source: Microsoft.Extensions.Logging.Abstractions.dll.2.dr
        Source: Binary string: System.Security.Claims.ni.pdb source: System.Security.Claims.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net8.0/Microsoft.Extensions.Logging.Abstractions.pdb source: Microsoft.Extensions.Logging.Abstractions.dll.2.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: Wasabi.msi
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdb source: System.IO.UnmanagedMemoryStream.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Cng/Release/net8.0-windows/System.Security.Cryptography.Cng.pdbSHA256 source: System.Security.Cryptography.Cng.dll.2.dr
        Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdbSHA256 source: System.Runtime.Serialization.Json.dll.2.dr
        Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll.2.dr
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdbSHA256% source: System.ValueTuple.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Claims\Release\net8.0\System.Security.Claims.pdb source: System.Security.Claims.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\java.base\zip.pdb(( source: zip.dll.2.dr
        Source: Binary string: Avalonia.Xaml.Interactions.Responsive.pdbSHA256 source: Avalonia.Xaml.Interactions.Responsive.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: System.Reflection.Primitives.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdbSHA256 source: System.IO.UnmanagedMemoryStream.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdb source: System.ValueTuple.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\java.base\zip.pdb source: zip.dll.2.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: Wasabi.msi
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Principal.Windows\Release\net8.0-windows\System.Security.Principal.Windows.pdb source: System.Security.Principal.Windows.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\jdk.accessibility\javaaccessbridge.pdb source: javaaccessbridge.dll.2.dr
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: z:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: x:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: v:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: t:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: r:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: p:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: n:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: l:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: j:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: h:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: f:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: b:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: y:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: w:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: u:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: s:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: q:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: o:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: m:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: k:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: i:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: g:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: e:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: c:Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile opened: a:Jump to behavior

        Networking

        barindex
        Yara detected Generic Downloader
        Source: Yara matchFile source: C:\Program Files\WasabiWallet\System.dll, type: DROPPED
        Source: Yara matchFile source: C:\Program Files\WasabiWallet\netstandard.dll, type: DROPPED
        Source: Yara matchFile source: C:\Program Files\WasabiWallet\System.Net.dll, type: DROPPED
        Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
        Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://anglebug.com/1452
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://anglebug.com/1452Bug
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://anglebug.com/2152
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://anglebug.com/2152On
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://anglebug.com/3246
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://anglebug.com/3246On
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://crbug.com/398694
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://crbug.com/398694Always
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://crbug.com/941620
        Source: av_libglesv2.dll.2.drString found in binary or memory: http://crbug.com/941620Some
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://s.symcd.com06
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://s2.symcb.com0
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/
        Source: WalletWasabi.Fluent.Desktop.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/Avalonia.Markup.Xaml.PortableXaml
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.IO
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Runtime.Serialization
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Xml
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Xml.Linq
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/SystemV
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/SystemY
        Source: System.Private.DataContractSerialization.dll.2.drString found in binary or memory: http://schemas.datacontract.org/2004/07/dhttp://schemas.datacontract.org/2004/07/System.XmlRhttp://w
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
        Source: System.Security.Principal.Windows.dll.2.dr, System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
        Source: System.Security.Principal.Windows.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
        Source: System.Security.Claims.dll.2.drString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamevhttp://schemas.xmlsoap.o
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://sv.symcb.com/sv.crl0W
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://sv.symcb.com/sv.crt0
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://sv.symcd.com0&
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
        Source: libSkiaSharp.dll.2.drString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
        Source: bcel.md.2.drString found in binary or memory: http://www.apache.org/).
        Source: bcel.md.2.drString found in binary or memory: http://www.apache.org/licenses/
        Source: bcel.md.2.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: libSkiaSharp.dll.2.drString found in binary or memory: http://www.color.org
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://www.symauth.com/cps0(
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: http://www.symauth.com/rpa00
        Source: System.Security.AccessControl.dll.2.dr, System.Text.Json.dll.2.dr, System.Security.Principal.Windows.dll.2.dr, System.ComponentModel.Primitives.dll.2.dr, System.Security.Claims.dll.2.drString found in binary or memory: https://aka.ms/dotnet-warnings/
        Source: av_libglesv2.dll.2.drString found in binary or memory: https://crbug.com/593024
        Source: av_libglesv2.dll.2.drString found in binary or memory: https://crbug.com/593024Copying
        Source: av_libglesv2.dll.2.drString found in binary or memory: https://crbug.com/650547
        Source: av_libglesv2.dll.2.drString found in binary or memory: https://crbug.com/650547Using
        Source: av_libglesv2.dll.2.drString found in binary or memory: https://crbug.com/655534
        Source: av_libglesv2.dll.2.drString found in binary or memory: https://crbug.com/655534Using
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: https://d.symcb.com/cps0%
        Source: jaas.dll.2.drString found in binary or memory: https://d.symcb.com/rpa0
        Source: zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drString found in binary or memory: https://d.symcb.com/rpa0.
        Source: Avalonia.Xaml.Interactions.Responsive.dll.2.drString found in binary or memory: https://github.com/AvaloniaUI/Avalonia.Xaml.Behaviors
        Source: Avalonia.Xaml.Interactions.Responsive.dll.2.drString found in binary or memory: https://github.com/avaloniaui%Avalonia.Xaml.Interactions.Responsive
        Source: Avalonia.Xaml.Interactions.Responsive.dll.2.drString found in binary or memory: https://github.com/avaloniaui%Avalonia.Xaml.Interactions.Responsive=
        Source: System.Security.Cryptography.OpenSsl.dll.2.dr, System.Security.AccessControl.dll.2.dr, System.Data.DataSetExtensions.dll.2.dr, System.Reflection.Primitives.dll.2.dr, System.Xml.XmlSerializer.dll.2.dr, System.Runtime.Serialization.Json.dll.2.dr, Microsoft.Extensions.Logging.Abstractions.dll.2.dr, System.IO.UnmanagedMemoryStream.dll.2.dr, System.Reflection.TypeExtensions.dll.2.dr, System.Text.Json.dll.2.dr, System.Security.Principal.Windows.dll.2.dr, System.Private.DataContractSerialization.dll.2.dr, System.Security.SecureString.dll.2.dr, mscorlib.dll.2.dr, System.Xml.XmlDocument.dll.2.dr, Microsoft.Win32.Primitives.dll.2.dr, System.Diagnostics.Debug.dll.2.dr, System.ValueTuple.dll.2.dr, System.Security.Cryptography.Cng.dll.2.dr, System.Net.WebSockets.Client.dll.2.dr, Microsoft.Extensions.Options.dll.2.drString found in binary or memory: https://github.com/dotnet/runtime
        Source: System.IO.UnmanagedMemoryStream.dll.2.drString found in binary or memory: https://github.com/dotnet/runtimep
        Source: Microsoft.Extensions.Options.dll.2.drString found in binary or memory: https://github.com/mono/linker/issues/1416.
        Source: WalletWasabi.Fluent.Desktop.dll.2.drString found in binary or memory: https://github.com/zkSNACKs/WalletWasabi/
        Source: WalletWasabi.Fluent.Desktop.dll.2.drString found in binary or memory: https://tselka.org/files/jlig.jar=The

        Spam, unwanted Advertisements and Ransom Demands

        barindex
        Writes a notice file (html or txt) to demand a ransom
        Source: C:\Windows\System32\msiexec.exeFile dropped: C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw1.txt -> encrypted secret keys. if you use our services to create a wallet, the software will use an algorithm to generate random recovery words and optionally combines it with an additional word (called the passphrase as defined in bip39), where wasabi may use your chosen wallet password as the default passphrase. we call the combination of the recovery words and the passphrase as wallet backup, or backup. the service provider expressly declares that it does not store, have access to, or have any way or means of recovering your backup. it is your responsibility to keep your wallet backups, your wallet files, and your passwords secure. you should not provide this information to anyone, including any service provider representative. encrypted private key information is stored locally on your computer in a wallet file. private keys can be accessed with the password, which you created at the generation of the wallet. if you permanently forget or lose your backup, you will never be able to recover any bitcoiJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile dropped: C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw2.txt -> encrypted secret keys. if you use our services to create a wallet, the software will use an algorithm to generate random recovery words and optionally combines it with an additional word (called the passphrase as defined in bip39), where wasabi may use your chosen wallet password as the default passphrase. we call the combination of the recovery words and the passphrase as wallet backup, or backup. the service provider expressly declares that it does not store, have access to, or have any way or means of recovering your backup. it is your responsibility to keep your wallet backups, your wallet files, and your passwords secure. you should not provide this information to anyone, including any service provider representative. encrypted private key information is stored locally on your computer in a wallet file. private keys can be accessed with the password, which you created at the generation of the wallet. if you permanently forget or lose your backup, you will never be able to recover any bitcoiJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5c201b.msiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2163.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21C2.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21E2.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2231.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{FD1DF55A-A524-448D-9669-E90738865A64}Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2290.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5c201d.msiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{7E27347D-8384-46CE-902E-1A7B1BB18ADF}Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4BE3.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{7E27347D-8384-46CE-902E-1A7B1BB18ADF}Jump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{7E27347D-8384-46CE-902E-1A7B1BB18ADF}\icon.icoJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5c201f.msiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5c201f.msiJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI2163.tmpJump to behavior
        Source: Microsoft.Extensions.Caching.Abstractions.dll.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: WabiSabi.dll.2.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
        Source: Microsoft.Extensions.Caching.Abstractions.dll.2.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
        Source: api-ms-win-crt-convert-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
        Source: System.Xml.XPath.XDocument.dll.2.drStatic PE information: No import functions for PE file found
        Source: System.Collections.NonGeneric.dll.2.drStatic PE information: No import functions for PE file found
        Source: System.Data.Common.dll.2.drStatic PE information: No import functions for PE file found
        Source: api-ms-win-core-rtlsupport-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
        Source: System.Drawing.Primitives.dll.2.drStatic PE information: No import functions for PE file found
        Source: api-ms-win-core-memory-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
        Source: System.Diagnostics.FileVersionInfo.dll.2.drStatic PE information: No import functions for PE file found
        Source: Microsoft.VisualBasic.Core.dll.2.drStatic PE information: No import functions for PE file found
        Source: WalletWasabi.Fluent.dll.2.drStatic PE information: No import functions for PE file found
        Source: api-ms-win-core-synch-l1-2-0.dll.2.drStatic PE information: No import functions for PE file found
        Source: api-ms-win-crt-locale-l1-1-0.dll.2.drStatic PE information: No import functions for PE file found
        Source: Wasabi.msiBinary or memory string: OriginalFilenamelzmaextractor.dllF vs Wasabi.msi
        Source: Wasabi.msiBinary or memory string: OriginalFileNameaipackagechainer.exe vs Wasabi.msi
        Source: Wasabi.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs Wasabi.msi
        Source: Wasabi.msiBinary or memory string: OriginalFilenamePrereq.dllF vs Wasabi.msi
        Source: classification engineClassification label: sus26.rans.troj.winMSI@8/577@0/1
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ZKsnacksJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\Public\Desktop\Wasabi Wallet.lnkJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user~1\AppData\Local\Temp\MSIB3F8.tmpJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile read: C:\Program Files\desktop.iniJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\PayloadJump to behavior
        Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Wasabi.msi"
        Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8954D0F09732CC8C32EC25B7D9AA876D C
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E9EF6AB8F4B248236972964FA7D85355
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ZKsnacks\Wasabi Wallet\prerequisites\Wasabi\Wasabi.msi"
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8954D0F09732CC8C32EC25B7D9AA876D CJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E9EF6AB8F4B248236972964FA7D85355Jump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ZKsnacks\Wasabi Wallet\prerequisites\Wasabi\Wasabi.msi" Jump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowmanagementapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srpapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wkscli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msihnd.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeAutomated click: Install
        Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Next
        Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: Install
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWalletJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jreJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\libJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jawt.libJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.DispatchProxy.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\binJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\ktab.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legalJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmi\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-string-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Transactions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Numerics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\securityJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\security\public_suffix_list.datJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-handle-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler.managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler.management\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.FileSystem.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.TypeConverter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.rmiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.rmi\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.VisualC.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql.rowsetJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql.rowset\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Numerics.Vectors.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Console.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Drawing.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Splat.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.saslJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.sasl\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptokiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Resources.ResourceManager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.AccessControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Http.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\netstandard.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Fonts.Inter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jfrJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jfr\profile.jfcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.netJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.net\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jfrJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jfr\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.Xml.Linq.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.unsupportedJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.unsupported\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\e_sqlite3.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.FileProviders.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\javaw.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\clretwrc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.ReactiveUI.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\confJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\net.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.JavaScript.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.HttpListener.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\rmiregistry.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.Serialization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Web.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Reactive.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.Linq.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\createdump.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agentJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agent\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebProxy.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\securityJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\README.txtJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscorlib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Metal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encoding.CodePages.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\j2gss.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscordbi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\MicroservicesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\BinariesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\TorJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\.gitattributesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\LegalJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Legal\AssetsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw1.txtJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Security.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.scriptingJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.scripting\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\j2pcsc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.EventBasedAsync.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.pdbJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\TorJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tor\GeoipJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tor\Geoip\geoip6Jump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.cryptoJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\santuario.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Json.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Emit.ILGeneration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.sasl\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.charsetsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.charsets\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebSockets.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\management\management.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\windowsaccessbridge-64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Configuration.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\tzmappingsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\management\jmxremote.password.templateJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Resources.Writer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\limitedJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\limited\default_US_export.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\msquic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfrJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfr\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Win32.Registry.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SkiaSharp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.FreeDesktop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.smartcardioJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.smartcardio\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Numerics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\zip.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jimage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\psfont.properties.jaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\tzdb.datJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Data.DataSetExtensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\awt.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql.rowset\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.net.httpJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.net.http\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.DragAndDrop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Globalization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.Xml.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ServiceProcess.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\java.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WindowsBase.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw2.txtJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.Expressions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.namingJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.naming\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\security\cacertsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgssJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgss\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jfr\default.jfcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktopJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\libpng.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactivity.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\NBitcoin.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.net.http\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\management_ext.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.XPath.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xmlJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\xalan.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Controls.TreeDataGrid.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reactive.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jawt.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.Parallel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.IsolatedStorage.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\MicroCom.Runtime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jabswitch.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Draggable.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.baseJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\icu.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.X509Certificates.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.Annotations.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.managementJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\dom.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.net\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ciJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ci\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.CSharp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\zlib.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\nio.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Base.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Timer.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jfr.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.httpserverJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.httpserver\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-process-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\fontmanager.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Principal.Windows.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Skia.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.TraceSource.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Binder.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedataJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Web.HttpUtility.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Pipes.AccessControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebHeaderCollection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SQLitePCLRaw.provider.e_sqlite3.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.DriveInfo.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.Tools.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.ZipFile.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimitedJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimited\default_local.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-math-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.ReaderWriter.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SQLitePCLRaw.batteries_v2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.jgssJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.security.jgss\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.accessibilityJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.accessibility\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\prefs.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\msvcp140.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.CoreLib.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\DynamicData.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ServiceModel.Web.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Transactions.Local.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Collections.Immutable.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\management.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.Uri.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Collections.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Intrinsics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tor\Geoip\geoipJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.TypeExtensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.DesignerSupport.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\rmi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Memory.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\unicode.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\asm.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\SQLitePCLRaw.core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Controls.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-time-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\aes.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\colorimaging.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.AccessControl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Win32.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.NameResolution.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.xml.domJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.xml.dom\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\freetype.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.OpenGL.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.instrumentJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.instrument\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.agentJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.agent\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.runtimeconfig.jsonJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encoding.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Linq.Queryable.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-private-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\lcms.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebClient.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfr\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\dt_socket.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Desktop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.rmi\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ecJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ec\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-debug-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-localization-l1-2-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\psfontj2d.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.Brotli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sqlJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.transaction.xaJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.transaction.xa\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\logging.propertiesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.charsets\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-2-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\sunec.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\pkcs11wrapper.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Core.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Win32.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.deps.jsonJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Http.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Tasks.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.MemoryMappedFiles.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Handles.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\security\default.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ComponentModel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.ThreadPool.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\w2k_lsa_auth.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\cldr.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Sockets.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimited\default_US_export.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\clrgc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscorrc.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\hostfxr.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\tor.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-datetime-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Formats.Tar.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\bcel.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Loader.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\keytool.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jrt-fs.jarJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Collections.Concurrent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Ping.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\hwi.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\fontconfig.properties.srcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Pipes.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\ucrtbase.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Newtonsoft.Json.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Metadata.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\jvm.cfgJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.DiagnosticSource.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Compression.Native.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.smartcardio\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Private.DataContractSerialization.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Emit.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Emit.Lightweight.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\jcup.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jaas.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.AspNetCore.WebUtilities.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\modulesJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.zipfsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.zipfs\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\QRackers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.ObjectModel.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management.agent\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-profile-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\av_libglesv2.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Tmds.DBus.Protocol.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\javajpeg.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.OpenSsl.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jsound.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.httpserver\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Native.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\public_suffix.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Resources.Reader.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.transaction.xa\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.Process.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jaccesswalker.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.UnmanagedMemoryStream.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\verify.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\fontconfig.bfcJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\java.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Tasks.Dataflow.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.prefsJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.prefs\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.compilerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.compiler\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encodings.Web.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.VisualBasic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Markup.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.xml\xerces.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.Pipelines.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Csp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\hostpolicy.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jlig.jarJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\vcruntime140.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-util-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.sql\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Algorithms.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.sctpJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.sctp\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Requests.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.datatransferJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.datatransfer\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.zipfs\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Markup.Xaml.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.MicroCom.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ec\ecc.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.instrument\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Quic.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Buffers.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jli.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\mscordaccore_amd64_amd64_8.0.324.11423.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\mesa3d.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\mlib_image.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.AppContext.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WabiSabi.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.XPath.XDocument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Globalization.Calendars.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Abstractions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Drawing.Primitives.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-memory-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Data.Sqlite.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.scripting\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Xml.XDocument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.base\c-libutl.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgss\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\opengl.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Themes.Fluent.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.management\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.authJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.security.auth\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.naming\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-timezone-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Custom.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\conf\security\java.policyJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.dynalinkJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.dynalink\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compilerJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Globalization.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.seJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.se\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.dynalink\dynalink.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.WebSockets.Client.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\bitcoind.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Formats.Asn1.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Reflection.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.IO.FileSystem.Watcher.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\releaseJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\giflib.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\klist.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\serverJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\server\jvm.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Windows.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\rmid.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Thread.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.Mail.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l2-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-string-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\instrument.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Diagnostics.Debug.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.pdbJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.desktop\harfbuzz.mdJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Net.NetworkInformation.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-stdio-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jsobjectJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jsobject\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Dynamic.Runtime.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ci\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Formatters.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.sctp\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\lib\classlistJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Threading.Channels.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Text.Encoding.Extensions.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\wassabee.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Json.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.loggingJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.logging\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\jaccessinspector.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmi\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\libHarfBuzzSharp.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\System.Security.Principal.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.xml.dom\LICENSEJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management.rmiJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\java.management.rmi\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.Dialogs.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agent\COPYRIGHTJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\jre\bin\net.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Avalonia.dllJump to behavior
        Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.Abstractions.dllJump to behavior
        Source: Wasabi.msiStatic file information: File size 3083264 > 1048576
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\aipackagechainer.pdb source: Wasabi.msi
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Json\Release\net8.0\System.Text.Json.pdb source: System.Text.Json.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdbSHA256i source: System.Diagnostics.Debug.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdb source: System.Xml.XmlSerializer.dll.2.dr
        Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll.2.dr
        Source: Binary string: System.ComponentModel.Primitives.ni.pdb source: System.ComponentModel.Primitives.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.AccessControl\Release\net8.0-windows\System.Security.AccessControl.pdb source: System.Security.AccessControl.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.TypeExtensions\Release\net8.0\System.Reflection.TypeExtensions.pdb source: System.Reflection.TypeExtensions.dll.2.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdb source: mscorlib.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Cng/Release/net8.0-windows/System.Security.Cryptography.Cng.pdb source: System.Security.Cryptography.Cng.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net8.0/Microsoft.Extensions.Options.pdbSHA256 source: Microsoft.Extensions.Options.dll.2.dr
        Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.2.dr
        Source: Binary string: libGLESv2.dll.pdb source: av_libglesv2.dll.2.dr
        Source: Binary string: Avalonia.Xaml.Interactions.Responsive.pdb source: Avalonia.Xaml.Interactions.Responsive.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdbSHA256&JU source: System.Security.SecureString.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\native\java.base\java_objs\java.pdb source: java.exe.2.dr
        Source: Binary string: System.Security.Principal.Windows.ni.pdb source: System.Security.Principal.Windows.dll.2.dr
        Source: Binary string: /_/artifacts/obj/mscorlib/Release/net8.0-windows/mscorlib.pdbSHA256 source: mscorlib.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscordac\mscordaccore.pdb source: mscordaccore.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XmlSerializer\Release\net8.0\System.Xml.XmlSerializer.pdbSHA256 source: System.Xml.XmlSerializer.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdb source: System.Security.Cryptography.OpenSsl.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdbSHA256 source: System.Xml.XmlDocument.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdbSHA256j source: System.Data.DataSetExtensions.dll.2.dr
        Source: Binary string: System.Text.Json.ni.pdb source: System.Text.Json.dll.2.dr
        Source: Binary string: vcruntime140.amd64.pdbGCTL source: vcruntime140.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Diagnostics.Debug/Release/net8.0-windows/System.Diagnostics.Debug.pdb source: System.Diagnostics.Debug.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb source: mscorrc.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdb source: Microsoft.Win32.Primitives.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.2.dr
        Source: Binary string: WalletWasabi.Fluent.Desktop\obj\Release\net8.0\win-x64\WalletWasabi.Fluent.Desktop.pdb source: WalletWasabi.Fluent.Desktop.dll.2.dr
        Source: Binary string: System.Private.DataContractSerialization.ni.pdb source: System.Private.DataContractSerialization.dll.2.dr
        Source: Binary string: D:\a\1\s\externals\skia\out\windows\x64\libSkiaSharp.pdb source: libSkiaSharp.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Options/Release/net8.0/Microsoft.Extensions.Options.pdb source: Microsoft.Extensions.Options.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\jdk.security.auth\jaas.pdb source: jaas.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.Win32.Primitives\Release\net8.0\Microsoft.Win32.Primitives.pdbSHA256l source: Microsoft.Win32.Primitives.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.SecureString/Release/net8.0-windows/System.Security.SecureString.pdb source: System.Security.SecureString.dll.2.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Wasabi.msi, MSIB640.tmp.0.dr, MSIB514.tmp.0.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.OpenSsl/Release/net8.0-windows/System.Security.Cryptography.OpenSsl.pdbSHA256 source: System.Security.Cryptography.OpenSsl.dll.2.dr
        Source: Binary string: vcruntime140.amd64.pdb source: vcruntime140.dll.2.dr
        Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll.2.dr
        Source: Binary string: System.Net.WebSockets.Client.ni.pdb source: System.Net.WebSockets.Client.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Net.WebSockets.Client\Release\net8.0\System.Net.WebSockets.Client.pdb source: System.Net.WebSockets.Client.dll.2.dr
        Source: Binary string: WalletWasabi.Fluent.Desktop\obj\Release\net8.0\win-x64\WalletWasabi.Fluent.Desktop.pdbSHA256 source: WalletWasabi.Fluent.Desktop.dll.2.dr
        Source: Binary string: System.Reflection.TypeExtensions.ni.pdb source: System.Reflection.TypeExtensions.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Private.DataContractSerialization/Release/net8.0/System.Private.DataContractSerialization.pdb source: System.Private.DataContractSerialization.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net8.0/Microsoft.Extensions.Logging.Abstractions.pdbSHA256 source: Microsoft.Extensions.Logging.Abstractions.dll.2.dr
        Source: Binary string: System.Security.Claims.ni.pdb source: System.Security.Claims.dll.2.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.Logging.Abstractions/Release/net8.0/Microsoft.Extensions.Logging.Abstractions.pdb source: Microsoft.Extensions.Logging.Abstractions.dll.2.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: Wasabi.msi
        Source: Binary string: /_/artifacts/obj/System.Xml.XmlDocument/Release/net8.0-windows/System.Xml.XmlDocument.pdb source: System.Xml.XmlDocument.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdb source: System.IO.UnmanagedMemoryStream.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Cryptography.Cng/Release/net8.0-windows/System.Security.Cryptography.Cng.pdbSHA256 source: System.Security.Cryptography.Cng.dll.2.dr
        Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\Release\net8.0\System.Runtime.Serialization.Json.pdbSHA256 source: System.Runtime.Serialization.Json.dll.2.dr
        Source: Binary string: System.Security.AccessControl.ni.pdb source: System.Security.AccessControl.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.ComponentModel.Primitives\Release\net8.0\System.ComponentModel.Primitives.pdb source: System.ComponentModel.Primitives.dll.2.dr
        Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll.2.dr
        Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.Data.DataSetExtensions/Release/net8.0-windows/System.Data.DataSetExtensions.pdb source: System.Data.DataSetExtensions.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdbSHA256% source: System.ValueTuple.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Claims\Release\net8.0\System.Security.Claims.pdb source: System.Security.Claims.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\java.base\zip.pdb(( source: zip.dll.2.dr
        Source: Binary string: Avalonia.Xaml.Interactions.Responsive.pdbSHA256 source: Avalonia.Xaml.Interactions.Responsive.dll.2.dr
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\Release\net8.0\System.Reflection.Primitives.pdbSHA256 source: System.Reflection.Primitives.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.IO.UnmanagedMemoryStream/Release/net8.0-windows/System.IO.UnmanagedMemoryStream.pdbSHA256 source: System.IO.UnmanagedMemoryStream.dll.2.dr
        Source: Binary string: /_/artifacts/obj/System.ValueTuple/Release/net8.0-windows/System.ValueTuple.pdb source: System.ValueTuple.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\java.base\zip.pdb source: zip.dll.2.dr
        Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: Wasabi.msi
        Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Principal.Windows\Release\net8.0-windows\System.Security.Principal.Windows.pdb source: System.Security.Principal.Windows.dll.2.dr
        Source: Binary string: t:\workspace\build\windows-x64\support\modules_libs\jdk.accessibility\javaaccessbridge.pdb source: javaaccessbridge.dll.2.dr
        Source: api-ms-win-core-synch-l1-2-0.dll.2.drStatic PE information: 0xFA2B3792 [Mon Jan 1 23:11:14 2103 UTC]
        Source: MSIC3BE.tmp.0.drStatic PE information: section name: .didat
        Source: MSI1F67.tmp.0.drStatic PE information: section name: .didat
        Source: MSI1FB6.tmp.0.drStatic PE information: section name: .didat
        Source: MSI23AF.tmp.0.drStatic PE information: section name: .didat
        Source: clrjit.dll.2.drStatic PE information: section name: _RDATA
        Source: mscordaccore.dll.2.drStatic PE information: section name: _RDATA
        Source: Microsoft.VisualBasic.Core.dll.2.drStatic PE information: section name: .text entropy: 6.801774101546534
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\management_agent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Private.CoreLib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Tasks.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Reactive.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.SecureString.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Transactions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\vcruntime140.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Text.Encoding.CodePages.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Splat.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.X509Certificates.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\WindowsBase.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\WalletWasabi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB4E4.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Pipelines.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21E2.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\libHarfBuzzSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\rmid.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Thread.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\HarfBuzzSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\e_sqlite3.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Sockets.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\zip.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\nio.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\WabiSabi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Handles.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\java.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\windowsaccessbridge-64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Custom.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21C2.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.XPath.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Intrinsics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.TraceSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.StackTrace.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI1F67.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Private.Uri.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\instrument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reactive.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\hostfxr.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.Emit.ILGeneration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI23AF.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\MicroCom.Runtime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jdwp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ServiceProcess.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Private.Xml.Linq.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB476.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Principal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Csp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.MicroCom.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\netstandard.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.XmlDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\SkiaSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-2-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.HttpListener.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-console-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\kinit.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.Tracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.FileSystem.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\hostpolicy.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\bitcoind.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB514.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Controls.TreeDataGrid.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\javajpeg.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Encoding.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\prefs.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Base.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Themes.Fluent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Collections.Concurrent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l2-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\SQLitePCLRaw.batteries_v2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Drawing.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jfr.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Compression.Brotli.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Console.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\mscorlib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\dt_socket.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\klist.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jawt.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.XDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Formats.Asn1.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.XmlSerializer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Pipes.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Overlapped.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\freetype.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Cng.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Globalization.Calendars.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.XPath.XDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\sunec.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Hosting.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\clretwrc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\w2k_lsa_auth.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\DynamicData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\rmi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.DispatchProxy.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.VisualBasic.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Linq.Parallel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Linq.Queryable.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Web.HttpUtility.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ComponentModel.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\awt.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\SQLitePCLRaw.core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ComponentModel.TypeConverter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-string-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Collections.Specialized.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Binder.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\mscordaccore.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Text.Encoding.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Tmds.DBus.Protocol.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Principal.Windows.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.AspNetCore.WebUtilities.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\net.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\ktab.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.FileSystem.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.Serialization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\management.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Events.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Win32.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.Tools.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Compression.ZipFile.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Draggable.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\rmiregistry.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jrunscript.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.ReactiveUI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\clrgc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Requests.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\createdump.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.FreeDesktop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Compression.Native.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Text.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Private.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\mscorrc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Data.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\fontmanager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.WebHeaderCollection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\msvcp140.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Ping.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\management_ext.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\mscordaccore_amd64_amd64_8.0.324.11423.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ObjectModel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\server\jvm.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ComponentModel.DataAnnotations.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\QRackers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Data.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\javaaccessbridge.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\j2gss.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Linq.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Desktop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.MemoryMappedFiles.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Formatters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Drawing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.NetworkInformation.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Compression.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Timer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.WebSockets.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Windows.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\splashscreen.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.Contracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Fonts.Inter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.VisualBasic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\ucrtbase.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\msquic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.Debug.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\java.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Data.Sqlite.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\coreclr.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Numerics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Dynamic.Runtime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.OpenGL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Resources.Reader.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jli.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.WebClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Claims.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Data.DataSetExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.FileSystem.DriveInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Private.DataContractSerialization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Win32.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Text.Encoding.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Metal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.DragAndDrop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\clrjit.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.UnmanagedMemoryStream.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Compression.FileSystem.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\j2pkcs11.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB610.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ValueTuple.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Markup.Xaml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\mscordbi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.AppContext.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\NBitcoin.Secp256k1.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB544.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jaccessinspector.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Resources.ResourceManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jaas.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Formats.Tar.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\hwi.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jabswitch.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.X11.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.Process.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.Emit.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\javaw.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.WebSockets.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.ThreadPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.TypeExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-util-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Skia.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Loader.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.Pipes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.ServicePoint.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\wassabee.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Transactions.Local.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ComponentModel.EventBasedAsync.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.NameResolution.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Mail.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Resources.Writer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\j2pcsc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.IsolatedStorage.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.FileSystem.Watcher.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB640.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jaccesswalker.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ComponentModel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.FileVersionInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Globalization.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\NBitcoin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Linq.Expressions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Dialogs.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Collections.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ServiceModel.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\lcms.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\SQLitePCLRaw.provider.e_sqlite3.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Quic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Win32.SystemEvents.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIB3F8.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactivity.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.ComponentModel.Annotations.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Net.Http.Headers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\verify.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Controls.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\av_libglesv2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Collections.NonGeneric.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\mlib_image.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Reflection.Emit.Lightweight.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Text.RegularExpressions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.IO.FileSystem.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Native.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.Linq.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jsound.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Responsive.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\keytool.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\jimage.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.Algorithms.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIC3BE.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\ReactiveUI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\tor.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2163.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\libSkiaSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2231.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Remote.Protocol.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.Security.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.DesignerSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Tasks.Dataflow.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Channels.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Avalonia.Markup.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Xml.ReaderWriter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Threading.Tasks.Parallel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.Extensions.FileProviders.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Numerics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Runtime.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Net.WebProxy.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Security.Cryptography.OpenSsl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Globalization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI1FB6.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\Microsoft.CSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2163.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2231.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21C2.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI21E2.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\WasabiWallet\jre\conf\security\policy\README.txtJump to behavior

        Boot Survival

        barindex
        Creates autostart registry keys to launch java
        Source: C:\Windows\System32\msiexec.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC265529287B83643A5181680F642157 D74372E74838EC6409E2A1B7B11BA8FD C:\Program Files\WasabiWallet\jre\bin\javaw.exeJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WasabiWalletJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WasabiWallet\Wasabi Wallet.lnkJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\management_agent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Private.CoreLib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Tasks.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Reactive.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.SecureString.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Transactions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\vcruntime140.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Text.Encoding.CodePages.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Splat.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.X509Certificates.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\WindowsBase.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\WalletWasabi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB4E4.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Pipelines.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI21E2.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\libHarfBuzzSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\rmid.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\HarfBuzzSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Thread.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\e_sqlite3.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Sockets.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\zip.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Win32.Registry.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\nio.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Handles.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\WabiSabi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\java.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\windowsaccessbridge-64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.JavaScript.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Custom.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Buffers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI21C2.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.XPath.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Intrinsics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.TraceSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.StackTrace.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI1F67.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Private.Uri.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\instrument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reactive.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\hostfxr.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.Emit.ILGeneration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\MicroCom.Runtime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI23AF.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ServiceProcess.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jdwp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Private.Xml.Linq.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Principal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB476.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.Csp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.MicroCom.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\netstandard.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\SkiaSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-2-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.XmlDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.HttpListener.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-console-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\kinit.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.Tracing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.FileSystem.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\hostpolicy.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\bitcoind.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Controls.TreeDataGrid.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB514.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\javajpeg.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.Encoding.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Http.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\prefs.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Base.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Themes.Fluent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Collections.Concurrent.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l2-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\SQLitePCLRaw.batteries_v2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Drawing.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jfr.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Compression.Brotli.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Console.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\mscorlib.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\dt_socket.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\klist.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jawt.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Serialization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.XDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Formats.Asn1.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.XmlSerializer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Pipes.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Overlapped.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\freetype.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.Cng.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Globalization.Calendars.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.XPath.XDocument.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\sunec.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Hosting.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\clretwrc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\w2k_lsa_auth.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\DynamicData.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\rmi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.DispatchProxy.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.VisualBasic.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Linq.Parallel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.ConfigurationExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Linq.Queryable.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ComponentModel.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Web.HttpUtility.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\awt.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\SQLitePCLRaw.core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ComponentModel.TypeConverter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-string-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Binder.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Collections.Specialized.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\mscordaccore.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Text.Encoding.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Tmds.DBus.Protocol.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Principal.Windows.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.AspNetCore.WebUtilities.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\net.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\ktab.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.FileSystem.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.Serialization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\management.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Events.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Win32.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.Tools.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Compression.ZipFile.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Draggable.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\rmiregistry.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jrunscript.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.ReactiveUI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\clrgc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Requests.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\createdump.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.FreeDesktop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Compression.Native.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Text.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Private.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\mscorrc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Data.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\fontmanager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.WebHeaderCollection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\msvcp140.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Ping.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\management_ext.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\mscordaccore_amd64_amd64_8.0.324.11423.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ObjectModel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\server\jvm.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ComponentModel.DataAnnotations.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\QRackers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Data.Common.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\javaaccessbridge.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\j2gss.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Linq.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Desktop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.MemoryMappedFiles.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Drawing.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Formatters.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.NetworkInformation.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Compression.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Timer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.WebSockets.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\splashscreen.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Windows.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.Contracts.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Fonts.Inter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.VisualBasic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\msquic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\java.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.Debug.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Data.Sqlite.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\coreclr.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Numerics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Dynamic.Runtime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.OpenGL.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Resources.Reader.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jli.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.WebClient.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Data.DataSetExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Claims.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.FileSystem.DriveInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Private.DataContractSerialization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Text.Encoding.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Win32.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.DragAndDrop.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Metal.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\clrjit.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.UnmanagedMemoryStream.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Compression.FileSystem.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\j2pkcs11.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB610.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ValueTuple.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Markup.Xaml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\mscordbi.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.AppContext.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\NBitcoin.Secp256k1.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB544.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jaccessinspector.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Resources.ResourceManager.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jaas.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\hwi.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jabswitch.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Formats.Tar.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.X11.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.Process.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\javaw.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.Emit.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.WebSockets.Client.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.InteropServices.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.ThreadPool.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.TypeExtensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-util-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Skia.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Core.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Loader.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.Pipes.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.ServicePoint.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\wassabee.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Transactions.Local.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.NameResolution.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ComponentModel.EventBasedAsync.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Mail.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Resources.Writer.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\j2pcsc.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.IsolatedStorage.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.FileSystem.Watcher.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB640.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jaccesswalker.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ComponentModel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.FileVersionInfo.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Globalization.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\NBitcoin.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Linq.Expressions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Dialogs.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Collections.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ServiceModel.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Memory.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\lcms.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\SQLitePCLRaw.provider.e_sqlite3.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Quic.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Win32.SystemEvents.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\WalletWasabi.Daemon.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.ComponentModel.Annotations.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIB3F8.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactivity.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Net.Http.Headers.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.Primitives.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\verify.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Controls.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\av_libglesv2.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Collections.NonGeneric.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\mlib_image.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Reflection.Emit.Lightweight.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Text.RegularExpressions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.IO.FileSystem.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Native.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Http.Json.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.Linq.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jsound.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Responsive.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\keytool.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\jimage.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.Algorithms.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIC3BE.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\ReactiveUI.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\tor.exeJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Serialization.Xml.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2163.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\libSkiaSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2231.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Remote.Protocol.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.Security.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.DesignerSupport.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Tasks.Dataflow.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Avalonia.Markup.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Channels.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Xml.ReaderWriter.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.Extensions.FileProviders.Abstractions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Threading.Tasks.Parallel.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Numerics.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Runtime.Extensions.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Security.Cryptography.OpenSsl.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Net.WebProxy.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Globalization.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI1FB6.tmpJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\Microsoft.CSharp.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\WasabiWallet\System.Diagnostics.DiagnosticSource.dllJump to dropped file
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ZKsnacks\Wasabi Wallet\prerequisites\Wasabi\Wasabi.msi" Jump to behavior
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire Infrastructure1
        Replication Through Removable Media        		Windows Management Instrumentation11
        Registry Run Keys / Startup Folder        		11
        Process Injection        		23
        Masquerading        		OS Credential Dumping1
        Process Discovery        		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network Medium1
        Data Encrypted for Impact
        CredentialsDomainsDefault AccountsScheduled Task/Job1
        DLL Side-Loading        		11
        Registry Run Keys / Startup Folder        		11
        Process Injection        		LSASS Memory11
        Peripheral Device Discovery        		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
        DLL Side-Loading        		1
        Obfuscated Files or Information        		Security Account Manager1
        File and Directory Discovery        		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
        Software Packing        		NTDS12
        System Information Discovery        		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
        Timestomp        		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
        DLL Side-Loading        		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
        File Deletion        		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        Wasabi.msi0%ReversingLabs

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files\WasabiWallet\Avalonia.Base.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Controls.TreeDataGrid.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Controls.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.DesignerSupport.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Desktop.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Dialogs.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Fonts.Inter.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.FreeDesktop.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Markup.Xaml.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Markup.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Metal.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.MicroCom.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Native.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.OpenGL.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.ReactiveUI.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Remote.Protocol.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Skia.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Themes.Fluent.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Win32.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.X11.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Custom.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.DragAndDrop.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Draggable.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Events.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Reactive.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Responsive.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactivity.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Avalonia.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\DynamicData.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\HarfBuzzSharp.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\MicroCom.Runtime.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\tor.exe0%ReversingLabs
        C:\Program Files\WasabiWallet\Microservices\Binaries\win64\bitcoind.exe0%ReversingLabs
        C:\Program Files\WasabiWallet\Microservices\Binaries\win64\hwi.exe5%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.AspNetCore.WebUtilities.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.CSharp.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Data.Sqlite.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.DiaSymReader.Native.amd64.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Abstractions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Memory.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Abstractions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Binder.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.Abstractions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.Abstractions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.FileProviders.Abstractions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Hosting.Abstractions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Http.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.Abstractions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.ConfigurationExtensions.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Extensions.Primitives.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Net.Http.Headers.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.VisualBasic.Core.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.VisualBasic.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Win32.Primitives.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Win32.Registry.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Microsoft.Win32.SystemEvents.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\NBitcoin.Secp256k1.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\NBitcoin.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Newtonsoft.Json.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\QRackers.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\ReactiveUI.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\SQLitePCLRaw.batteries_v2.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\SQLitePCLRaw.core.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\SQLitePCLRaw.provider.e_sqlite3.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\SkiaSharp.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\Splat.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.AppContext.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.Buffers.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.Collections.Concurrent.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.Collections.Immutable.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.Collections.NonGeneric.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.Collections.Specialized.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.Collections.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.ComponentModel.Annotations.dll0%ReversingLabs
        C:\Program Files\WasabiWallet\System.ComponentModel.DataAnnotations.dll0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
        http://www.symauth.com/cps0(0%URL Reputationsafe
        http://www.symauth.com/rpa000%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        No contacted domains info

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://schemas.datacontract.org/2004/07/SystemVSystem.Private.DataContractSerialization.dll.2.drfalse
          		unknown
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005System.Security.Claims.dll.2.drfalse
            		unknown
            https://github.com/zkSNACKs/WalletWasabi/WalletWasabi.Fluent.Desktop.dll.2.drfalse
              		unknown
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200System.Security.Claims.dll.2.drfalse
                		unknown
                https://crbug.com/593024Copyingav_libglesv2.dll.2.drfalse
                  		unknown
                  https://tselka.org/files/jlig.jar=TheWalletWasabi.Fluent.Desktop.dll.2.drfalse
                    		unknown
                    http://schemas.datacontract.org/2004/07/System.XmlSystem.Private.DataContractSerialization.dll.2.drfalse
                      		unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovinceSystem.Security.Claims.dll.2.drfalse
                        		unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20System.Security.Claims.dll.2.drfalse
                          		unknown
                          http://www.color.orglibSkiaSharp.dll.2.drfalse
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authenticationSystem.Security.Claims.dll.2.drfalse
                              		unknown
                              https://github.com/dotnet/runtimeSystem.Security.Cryptography.OpenSsl.dll.2.dr, System.Security.AccessControl.dll.2.dr, System.Data.DataSetExtensions.dll.2.dr, System.Reflection.Primitives.dll.2.dr, System.Xml.XmlSerializer.dll.2.dr, System.Runtime.Serialization.Json.dll.2.dr, Microsoft.Extensions.Logging.Abstractions.dll.2.dr, System.IO.UnmanagedMemoryStream.dll.2.dr, System.Reflection.TypeExtensions.dll.2.dr, System.Text.Json.dll.2.dr, System.Security.Principal.Windows.dll.2.dr, System.Private.DataContractSerialization.dll.2.dr, System.Security.SecureString.dll.2.dr, mscorlib.dll.2.dr, System.Xml.XmlDocument.dll.2.dr, Microsoft.Win32.Primitives.dll.2.dr, System.Diagnostics.Debug.dll.2.dr, System.ValueTuple.dll.2.dr, System.Security.Cryptography.Cng.dll.2.dr, System.Net.WebSockets.Client.dll.2.dr, Microsoft.Extensions.Options.dll.2.drfalse
                                		unknown
                                http://www.apache.org/).bcel.md.2.drfalse
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidSystem.Security.Principal.Windows.dll.2.dr, System.Security.Claims.dll.2.drfalse
                                    		unknown
                                    https://aka.ms/dotnet-warnings/System.Security.AccessControl.dll.2.dr, System.Text.Json.dll.2.dr, System.Security.Principal.Windows.dll.2.dr, System.ComponentModel.Primitives.dll.2.dr, System.Security.Claims.dll.2.drfalse
                                      		unknown
                                      http://crbug.com/398694av_libglesv2.dll.2.drfalse
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.oSystem.Security.Claims.dll.2.drfalse
                                          		unknown
                                          https://github.com/AvaloniaUI/Avalonia.Xaml.BehaviorsAvalonia.Xaml.Interactions.Responsive.dll.2.drfalse
                                            		unknown
                                            https://crbug.com/650547av_libglesv2.dll.2.drfalse
                                              		unknown
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSystem.Security.Principal.Windows.dll.2.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://crbug.com/941620Someav_libglesv2.dll.2.drfalse
                                                		unknown
                                                http://anglebug.com/2152av_libglesv2.dll.2.drfalse
                                                  		unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifierSystem.Security.Claims.dll.2.drfalse
                                                    		unknown
                                                    http://www.apache.org/licenses/LICENSE-2.0bcel.md.2.drfalse
                                                      		unknown
                                                      https://crbug.com/650547Usingav_libglesv2.dll.2.drfalse
                                                        		unknown
                                                        http://www.aiim.org/pdfa/ns/id/libSkiaSharp.dll.2.drfalse
                                                          		unknown
                                                          http://www.apache.org/licenses/bcel.md.2.drfalse
                                                            		unknown
                                                            https://crbug.com/593024av_libglesv2.dll.2.drfalse
                                                              		unknown
                                                              http://schemas.datacontract.org/2004/07/System.Private.DataContractSerialization.dll.2.drfalse
                                                                		unknown
                                                                https://github.com/mono/linker/issues/1416.Microsoft.Extensions.Options.dll.2.drfalse
                                                                  		unknown
                                                                  http://anglebug.com/3246av_libglesv2.dll.2.drfalse
                                                                    		unknown
                                                                    http://crbug.com/941620av_libglesv2.dll.2.drfalse
                                                                      		unknown
                                                                      http://schemas.datacontract.org/2004/07/System.Runtime.SerializationSystem.Private.DataContractSerialization.dll.2.drfalse
                                                                        		unknown
                                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphoneSystem.Security.Claims.dll.2.drfalse
                                                                          		unknown
                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephoneSystem.Security.Claims.dll.2.drfalse
                                                                            		unknown
                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/localitySystem.Security.Claims.dll.2.drfalse
                                                                              		unknown
                                                                              http://www.symauth.com/cps0(zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drfalse
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://crbug.com/655534Usingav_libglesv2.dll.2.drfalse
                                                                                		unknown
                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/System.Security.Claims.dll.2.drfalse
                                                                                  		unknown
                                                                                  https://github.com/dotnet/runtimepSystem.IO.UnmanagedMemoryStream.dll.2.drfalse
                                                                                    		unknown
                                                                                    https://github.com/avaloniaui%Avalonia.Xaml.Interactions.ResponsiveAvalonia.Xaml.Interactions.Responsive.dll.2.drfalse
                                                                                      		unknown
                                                                                      http://anglebug.com/2152Onav_libglesv2.dll.2.drfalse
                                                                                        		unknown
                                                                                        http://www.symauth.com/rpa00zip.dll.2.dr, javaaccessbridge.dll.2.dr, java.exe.2.dr, jaas.dll.2.drfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://github.com/avaloniaui%Avalonia.Xaml.Interactions.Responsive=Avalonia.Xaml.Interactions.Responsive.dll.2.drfalse
                                                                                          		unknown
                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamevhttp://schemas.xmlsoap.oSystem.Security.Claims.dll.2.drfalse
                                                                                            		unknown
                                                                                            http://anglebug.com/1452av_libglesv2.dll.2.drfalse
                                                                                              		unknown
                                                                                              http://schemas.datacontract.org/2004/07/dhttp://schemas.datacontract.org/2004/07/System.XmlRhttp://wSystem.Private.DataContractSerialization.dll.2.drfalse
                                                                                                		unknown
                                                                                                http://schemas.datacontract.org/2004/07/System.Xml.LinqSystem.Private.DataContractSerialization.dll.2.drfalse
                                                                                                  		unknown
                                                                                                  http://crbug.com/398694Alwaysav_libglesv2.dll.2.drfalse
                                                                                                    		unknown
                                                                                                    http://schemas.datacontract.org/2004/07/System.IOSystem.Private.DataContractSerialization.dll.2.drfalse
                                                                                                      		unknown
                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/System.Security.Claims.dll.2.drfalse
                                                                                                        		unknown
                                                                                                        http://schemas.datacontract.org/2004/07/Avalonia.Markup.Xaml.PortableXamlWalletWasabi.Fluent.Desktop.dll.2.drfalse
                                                                                                          		unknown
                                                                                                          http://anglebug.com/1452Bugav_libglesv2.dll.2.drfalse
                                                                                                            		unknown
                                                                                                            http://anglebug.com/3246Onav_libglesv2.dll.2.drfalse
                                                                                                              		unknown
                                                                                                              https://crbug.com/655534av_libglesv2.dll.2.drfalse
                                                                                                                		unknown
                                                                                                                http://schemas.datacontract.org/2004/07/SystemYSystem.Private.DataContractSerialization.dll.2.drfalse
                                                                                                                  		unknown

                                                                                                                  World Map of Contacted IPs

                                                                                                                  • No. of IPs < 25%
                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                  • 75% < No. of IPs

                                                                                                                  Public IPs

                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                  188.114.96.3
                                                                                                                  		unknownEuropean Union
                                                                                                                  		13335CLOUDFLARENETUSfalse

                                                                                                                  General Information

                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                  Analysis ID:1523729
                                                                                                                  Start date and time:2024-10-02 00:30:07 +02:00
                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                  Overall analysis duration:0h 6m 39s
                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                  Report type:full
                                                                                                                  Cookbook file name:default.jbs
                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                  Number of analysed new started processes analysed:20
                                                                                                                  Number of new started drivers analysed:0
                                                                                                                  Number of existing processes analysed:0
                                                                                                                  Number of existing drivers analysed:0
                                                                                                                  Number of injected processes analysed:0
                                                                                                                  Technologies:
                                                                                                                  • HCA enabled
                                                                                                                  • EGA enabled
                                                                                                                  • AMSI enabled
                                                                                                                  Analysis Mode:default
                                                                                                                  Analysis stop reason:Timeout
                                                                                                                  Sample name:Wasabi.msi
                                                                                                                  Detection:SUS
                                                                                                                  Classification:sus26.rans.troj.winMSI@8/577@0/1
                                                                                                                  EGA Information:Failed
                                                                                                                  HCA Information:
                                                                                                                  • Successful, ratio: 100%
                                                                                                                  • Number of executed functions: 0
                                                                                                                  • Number of non-executed functions: 0
                                                                                                                  Cookbook Comments:
                                                                                                                  • Found application associated with file extension: .msi

                                                                                                                  Warnings

                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                  • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                  • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                  • VT rate limit hit for: Wasabi.msi

                                                                                                                  Simulations

                                                                                                                  Behavior and APIs

                                                                                                                  No simulations

                                                                                                                  Joe Sandbox View / Context

                                                                                                                  IPs

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  188.114.96.3hbwebdownload - MT 103.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • www.j88.travel/c24t/?Edg8Tp=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+lW3g3vOrk23&iL30=-ZRd9JBXfLe8q2J
                                                                                                                  z4Shipping_document_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • www.bayarcepat19.click/g48c/
                                                                                                                  update SOA.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • www.bayarcepat19.click/5hcm/
                                                                                                                  docs.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • www.j88.travel/c24t/?I6=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+la3znjNy02hfQbCEg==&AL0=9rN46F
                                                                                                                  https://wwvmicrosx.live/office365/office_cookies/mainGet hashmaliciousHTMLPhisherBrowse
                                                                                                                  • wwvmicrosx.live/office365/office_cookies/main/
                                                                                                                  http://fitur-dana-terbaru-2024.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                  • fitur-dana-terbaru-2024.pages.dev/favicon.ico
                                                                                                                  http://mobilelegendsmycode.com/Get hashmaliciousUnknownBrowse
                                                                                                                  • mobilelegendsmycode.com/favicon.ico
                                                                                                                  http://instructionhub.net/?gad_source=2&gclid=EAIaIQobChMI-pqSm7HgiAMVbfB5BB3YEjS_EAAYASAAEgJAAPD_BwEGet hashmaliciousWinSearchAbuseBrowse
                                                                                                                  • download.all-instructions.com/Downloads/Instruction%2021921.pdf.lnk
                                                                                                                  ADNOC requesting RFQ.exeGet hashmaliciousFormBookBrowse
                                                                                                                  • www.chinaen.org/zi4g/
                                                                                                                  http://twint.ch-daten.com/de/receive/bank/sgkb/79469380Get hashmaliciousUnknownBrowse
                                                                                                                  • twint.ch-daten.com/socket.io/?EIO=4&transport=polling&t=P8hxwsc

                                                                                                                  Domains

                                                                                                                  No context

                                                                                                                  ASNs

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  CLOUDFLARENETUSElectronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.17.25.14
                                                                                                                  http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba3e&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=MLotNdk8aEH7W1636YhgxIdQC5od3UWYqTZw3tm9630Get hashmaliciousUnknownBrowse
                                                                                                                  • 172.67.180.104
                                                                                                                  http://www.johnhdaniel.comGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.18.36.155
                                                                                                                  https://convertwithwave.comGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.18.30.234
                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                  • 172.67.152.190
                                                                                                                  http://detection.fyiGet hashmaliciousNetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, XmrigBrowse
                                                                                                                  • 104.26.4.62
                                                                                                                  https://www.evernote.com/shard/s683/sh/202c4f3c-3650-93fd-8370-eaca4fc7cbbc/9PDECUYIIdOn7uDMCJfJSDfeqawh-oxMdulb3egg-jZJLZIoB686GWk5jgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 104.22.51.98
                                                                                                                  https://dvs.ntoinetted.com/kJthYXSER3TmsdtC7bAT5eXqQ/#geir@byggernfauske.noGet hashmaliciousHTMLPhisherBrowse
                                                                                                                  • 104.17.25.14
                                                                                                                  SecureMessageAtt.htmlGet hashmaliciousUnknownBrowse
                                                                                                                  • 104.18.86.42
                                                                                                                  file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                  • 172.67.183.74

                                                                                                                  JA3 Fingerprints

                                                                                                                  No context

                                                                                                                  Dropped Files

                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  C:\Program Files\WasabiWallet\Avalonia.Base.dllInstaller.msiGet hashmaliciousUnknownBrowse
                                                                                                                    Installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                      C:\Program Files\WasabiWallet\Avalonia.Controls.dllInstaller.msiGet hashmaliciousUnknownBrowse
                                                                                                                        Installer.msiGet hashmaliciousUnknownBrowse
                                                                                                                          C:\Program Files\WasabiWallet\Avalonia.Controls.TreeDataGrid.dllInstaller.msiGet hashmaliciousUnknownBrowse
                                                                                                                            Installer.msiGet hashmaliciousUnknownBrowse

                                                                                                                              Created / dropped Files

                                                                                                                              C:\Config.Msi\5c201c.rbs

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1141
                                                                                                                              Entropy (8bit):5.619288488630061
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:ubOBRKXjEU62RqhTsPq9zbqBpULggYDhiS44dgjxFk6bn:pLKXwLMg4+nSINYD8SnWG6b
                                                                                                                              MD5:1510EFDA99183CE7C2DE0D80E2B0C243
                                                                                                                              SHA1:68A7301330EE1D36B1D4D3237AA2838198C0D616
                                                                                                                              SHA-256:B250E637C27789DFE1A4288B2658F5765E21815A1F8D11EA5CED0F8AC9F01B1E
                                                                                                                              SHA-512:8AB78DA324E35463BF32FEEB75A0A20B3F6049F10964593AD4C5FC29844B94D25523D1CB28A8FAB2DA974D8AE290B7E12ADCE81D328D8AF487CEB3C06542CFC4
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:...@IXOS.@.....@..AY.@.....@.....@.....@.....@.....@......&.{FD1DF55A-A524-448D-9669-E90738865A64}..Wasabi Wallet..Wasabi.msi.@.....@.....@.....@........&.{4446D09C-0BE8-4268-928A-616EA901B217}.....@.....@.....@.....@.......@.....@.....@.......@......Wasabi Wallet......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{A4AF83FF-58DF-4585-9996-6B6EADACC651}&.{FD1DF55A-A524-448D-9669-E90738865A64}.@......&.{A90A03B5-6772-4978-95A7-2F25405FE3DD}&.{FD1DF55A-A524-448D-9669-E90738865A64}.@......&.{A83FEC63-797F-4A8C-9310-3E721F2E882F}&.{FD1DF55A-A524-448D-9669-E90738865A64}.@........CreateFolders..Creating folders..Folder: [1]#...C:\Program Files (x86)\ZKsnacks\Wasabi Wallet\.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......Software\ZKsnacks\Wasabi Wallet...@....(.&...Version..2.4.0.0'.&...Path..C:\Program Files (x86)\ZKsnacks\Wasabi Wallet\$..@....

                                                                                                                              C:\Config.Msi\5c201e.rbs

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):116835
                                                                                                                              Entropy (8bit):5.832980147998421
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:tliO/892sbrWUX65RjUtSZw1YjEOT/z6SmHEH8cgMJmJxNcH5J7iHKmSx/wJwhPF:Oa+GiguMLL
                                                                                                                              MD5:CAA729030784020B8FA6F2ACF4B7EDC7
                                                                                                                              SHA1:33E304FFF4482EC3A360AB757137878B0309B6D4
                                                                                                                              SHA-256:A3D119FBCC7D604F901515F6A572F5A312A114BA58493F201A37958B29A38B1A
                                                                                                                              SHA-512:04A485C290258175C58467B39CDF29325F78A55EE5E468DF11F5EAEAD450C56638779623935C7F70BF1022F60BBFF66D817034A209E4DCBD6F033D7A9488F8D9
                                                                                                                              Malicious:false
                                                                                                                              Reputation:low
                                                                                                                              Preview:...@IXOS.@.....@..AY.@.....@.....@.....@.....@.....@......&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}..Wasabi Wallet..Wasabi.msi.@.....@.....@.....@......icon.ico..&.{5F69E7CE-1670-4C31-B486-E8789CC3BA9E}.....@.....@.....@.....@.......@.....@.....@.......@......Wasabi Wallet......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{50CAF59B-0B66-4CA3-8D92-C96591A707AD}&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}.@......&.{FD3D13B1-AA09-495F-A1DE-0E50A010DDF6}&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}.@......&.{F466DDCF-6231-4B9C-8DBB-7837DFAAFEE3}&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}.@......&.{B3286041-724E-4148-A4E5-1170C39B24C4}&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}.@......&.{10C2A0C3-69F7-4A6D-8A78-0431965D6BA5}&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}.@......&.{D42EDED2-DC32-4752-8C19-5B32BB19E51C}&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}.@......&.{B3DCE761-1E97-408D-89F5-595BF059EA07}&.{7E27347D-

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Base.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1784320
                                                                                                                              Entropy (8bit):5.727187169296006
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:GoB6yHU9m9OHOawrDF1FOyrP8mL6fVJBrToPueQT:bB6yHU9LHOaf261rT
                                                                                                                              MD5:7B6B3DBF82EE20CB27F65178DD0EDE19
                                                                                                                              SHA1:3D8B72441F24C7DB68AF9D1ACA3A47C9DF6C50EE
                                                                                                                              SHA-256:E783D1259CA4E8452A80C28BE0736D12A46D83DD20981CF996AEFB0610A67F89
                                                                                                                              SHA-512:3B70723FE6A10557797D92E6C6F6EB74455684FB852F42252935263DF584CB8E21C3A70F383FAB3AAD8F85EAB86AE1EE7B2CA72C229C2E465CBFB8E77384E99B
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: Installer.msi, Detection: malicious, Browse
                                                                                                                              • Filename: Installer.msi, Detection: malicious, Browse
                                                                                                                              Reputation:low
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..2..........>:... ...`....... ...............................\....`..................................9..O....`...............................9..T............................................ ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................:......H........).......................8........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..(....*..|T...*b...........(......(q...*.(.....D...(.....o.....,...(...+.*"..(....*.~V...*...V...*.~W...*...W...*Fs....%(....(....*J.s....}X....(....*f.s....}X....(......}U...*...0..*........{X......o....-..{U...%-.&.*.o....*.o....*..s....*6.(...+.o...+*2.(...+o...+*.(....(....s.%..(....s....%(....(....*Z..D...(.

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Controls.TreeDataGrid.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):325120
                                                                                                                              Entropy (8bit):6.5617811049729955
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:zubUd6TQFZSpprORPCb1W7HxEUy7rbCQSduu:zddVZJRPCZ4C7HCQKuu
                                                                                                                              MD5:44E1E15D4FE0395CAAFCBA73660EE639
                                                                                                                              SHA1:8F0F6A143F2BFD6D9A4668D6F4A6DE3B0C83CE39
                                                                                                                              SHA-256:05B25650683219E67CB29CD7B7F391A721C8E254F2CD6E7EB2194B6D3E5DC6FB
                                                                                                                              SHA-512:6705AF9B13833D748328126943713BFE99EDF7371E9698753EB37F4DAE6259A9B930478F766A62523DA6329523CB2FB32E84AF6DE382E4CFEAA738A7775069C7
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: Installer.msi, Detection: malicious, Browse
                                                                                                                              • Filename: Installer.msi, Detection: malicious, Browse
                                                                                                                              Reputation:low
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'..........."!..0.................. ........@.. .......................`............`.................................f...U.... .......................@.......Q..p............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......x....t..........(...P.............................................(....*^.(...........%...}....*:.(......}....*:.(......}....*f.s....}.....(......}....*f.s....%.o....&{....o....*v..(.....o.....{....3...}....*.0.._.........(.....o....,O.o.....{....3A.o....o....o....-/.o.....{....o....(...+..{.....o....o......}....*..0..Z.........(.....o....,J.o.....{....3<.o....o....-/.o.....{....o....(...+..{.....o....o......}....*...{....o.....o....3...}......(....*v..(.....o.....{..

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Controls.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):968192
                                                                                                                              Entropy (8bit):5.930162569191391
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:7fMHu4/33XcMt0SpHHzOLWGwNJ6gCkViIgbnlzqLT:QXc6vkQXlgjl+
                                                                                                                              MD5:2EA1912C73E79B7D88B573BA14C572EE
                                                                                                                              SHA1:1CD788A040FE403D7E7EB1B4C6EE59B885C6730C
                                                                                                                              SHA-256:FF5824BA574DF1A1B31B9D0580AB1A75096056154E010550A1F25E0CB88C8A51
                                                                                                                              SHA-512:30B3402DDE16483BA00A0619258D2DCCB34A5B9A1957D0880ACC0F82FD990D6F308747843A97169596F4790D6B602377E0CE5AA16AEF8395C4080A9B2ADBB47F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Joe Sandbox View:
                                                                                                                              • Filename: Installer.msi, Detection: malicious, Browse
                                                                                                                              • Filename: Installer.msi, Detection: malicious, Browse
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*C4..........." ..0.................. ........... ....................... ......].....`.....................................O.......................................T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......HU......................X.........................................(u...*^.(u..........%...}....*:.(u.....}....*:.(u.....}....*:.(u.....}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*.0..Q........~=...%-.&~<.........sv...%.=...}.....~>...%-.&~<.........sv...%.>...}.....(w...*.s....%.e...(x...o....%~y...%-.&~z.....{...s|...%.y

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.DesignerSupport.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):208896
                                                                                                                              Entropy (8bit):7.633510335360794
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:5KpkXoCDpR8XaC8KMUZjc5rlFEkdLQcu:5lZDpRYaCzAE
                                                                                                                              MD5:71FF5A8DFE4ED105D29A57C1765C0BDA
                                                                                                                              SHA1:9F22FA31F96CB2C7ABE42F47DCAD385FDF0AB15E
                                                                                                                              SHA-256:6F62A5F03CE2D7A435DD1DA2797A13C9A0CA2C36FB9EE248668068F659ACF9F6
                                                                                                                              SHA-512:38C3BB56356B5585E7C643DA20573D3BAD19C171ED2D68145E11118376E259E115CA353322BCF546459539706A2FAB6BC3D12A3436E9B9ED88CF25F44AE0C4F6
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....B..........." ..0..&.........."E... ...`....... ..............................j.....`..................................D..O....`..0............................C..T............................................ ............... ..H............text...(%... ...&.................. ..`.rsrc...0....`.......(..............@..@.reloc..............................@..B.................E......H........e...............-......lC........................................(....*:.(......}....*J...#.......?(....*...0..........(.....(....(...+(.....o....s.........,".-.r...p..r...p.(.....(....s.......-..+..( ...(!.......-..+7..(...+~m...%-.&~l.........s#...%.m...(...+%-.&.+.(%........s&...s'...%..o(...%.o)...%....(*....._o+...o,.......u........u........9......t....(-.......,...o......o/......8t...s0...%o1...s2...%r+..po3...o4...%o1...s2...%r...po3...o4...%o1...s2...%r...po3

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Desktop.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15360
                                                                                                                              Entropy (8bit):5.132346869793129
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:uWRYFVmaFtAgY6DMZPGlFbnpdPpITZWxKw9V:uW2HYZ2dPpvX/
                                                                                                                              MD5:3AD4CFF7B0D523D42F5371F25E4A3AA9
                                                                                                                              SHA1:5F57338606B6F6C7D61BD483B0129F6E3D97BFA3
                                                                                                                              SHA-256:D23C2151BF0D99A4E20283A5CF2A159632FE7CFED7D9386874ED1A60104FAAE0
                                                                                                                              SHA-512:7FCC4B0EDBA1F474FBDF168C33915F663264DA5CF3D7EFAB49F13E3FDFA4392026495DC7DE6E5AC7875B3B6E343F4A100F0D0A86435DC6270F8897FAF15CE82D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....+..........." ..0..2...........P... ...`....... ..............................!.....`.................................OP..O....`..............................|O..T............................................ ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H.......@!...-...................N........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*....0..m.......(....,..(.....(....+V(....,..(.....(....+A(....,..(.....(....+,.r...p(.......%(....-.&+.(........r...p(.....*".(....&*".(....&*".(....&*".(....&*...BSJB............v4.0.30319......l.......#~..@...(...#Strings....h.......#US.(.......#GUID...8...."..#Blob...........W..........3................................<.......

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Dialogs.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):233984
                                                                                                                              Entropy (8bit):6.573179556181761
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:ZEaNiXlLgbEmk0/Dv6QKwRr4T2EUtxq2FquPt3/yzBuNOIOU7og2Fnxfyw3uu08G:XOqXpSIE6Ey/SmWUMxFnZyw3uqb8b
                                                                                                                              MD5:C43DB81C3244188BD83A7D872472F948
                                                                                                                              SHA1:6F0A8E48222A6347C0BBFA0914FCB88AB8F66CC5
                                                                                                                              SHA-256:C3459D4525D1EBA278402E44FB48D29F95C2C8B8AFCB57BA78C1EB80F729C7DD
                                                                                                                              SHA-512:2164C1C996B9A34AF2A87C225C65F0302DC000AAEAA2438BB826DD65FECA7F5135B808D016C7EC3A6EF6C69DFD01640DF738BA7D6A0CCB58F4306E0FEC405E44
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0.................. ........@.. ....................................`.................................e...V.......................................T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........................U..8.............................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*.~....*.~....*.~....*R.(.....(......(....*..0..~........r...pr)..p(....r-..pr1..po.....s....%r;..po....%rK..p.r-..p(....o....%.o....%.o....%.o....%.o....(......,..o.......,..o.....*........h..s.......0..........rU..p.(....(....,.r...p.(.....(....*s....%(....(....-.r...p+..o....%(....(....-.r...p+..%-.&r...po....%.o....%(....(....

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Fonts.Inter.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2552320
                                                                                                                              Entropy (8bit):6.248712762698989
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:7GfUawvIQdG+ue17V0hL+QZr/GpRAkik+WABkLGm7K7ZLQQtyQ8YG8a5iDGWDSW3:dF16ORAki2LqpDGWDSWaJsnzXwI
                                                                                                                              MD5:D2341F0E9F9261D64CE04F80E8E24F1D
                                                                                                                              SHA1:54A686350163238DD16E57FA2C4A0F8BA9C23FE2
                                                                                                                              SHA-256:E1F45C606C6C9AD99B907476ADC4B4B1147681D0E28792384BC476045FBD4260
                                                                                                                              SHA-512:B90679DDA05E61B3583496F32B8EF521E19F099625C2D91F1EEA7CF9880C53B5C7473654033F6FBCC52D2396110CD4CB74DD9CA53359D5A40FC5A82CA0DD0115
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2............." ..0...&.........:.'.. ... '...... .......................`'.......'...`...................................'.O.... '.,....................@'.......'.T............................................ ............... ..H............text...@.&.. ....&................. ..`.rsrc...,.... '.......&.............@..@.reloc.......@'.......&.............@..B..................'.....H........!...,...........M...&...'.......................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*..~....%-.&~..........s....%.....o....*v.r...p.s....r...p.s....(....*.s.........*..(....*2.s....o....*.BSJB............v4.0.30319......l.......#~..........#Strings........d...#US.........#GUID........"..#Blob...........W..........3................................=...................................>...............................

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.FreeDesktop.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):204288
                                                                                                                              Entropy (8bit):6.059566916476708
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:PY+8fK1QwjYxTHwRiBbcoXcP0rprdYWsurfnLNVP3i6cTM9LfYw:AyPIHJPXccdrd7FVPR/9
                                                                                                                              MD5:677B6000C146E96A841FCADBE4728984
                                                                                                                              SHA1:67CBAF742C1B2537E734C9921B2299EE220D2771
                                                                                                                              SHA-256:25F19DD958AD5FEEC8BC04A9FC83A117DD5F0FE34F486B937CEAEFFBF82436C7
                                                                                                                              SHA-512:45B44C88A3F66B50C2D5595B60CC89635481D381ABED165DC84E4C57C9BA599C9A1A60D2E398C66247D0B6A535474BFE6FDC3D3DE8CA9C6513773CA28DF43844
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...x.*..........." ..0.............z2... ...@....... ...............................O....`.................................'2..O....@..,....................`......L1..T............................................ ............... ..H............text........ ...................... ..`.rsrc...,....@......................@..@.reloc.......`......................@..B................[2......H........1.......................0........................................{!...*..{"...*V.(#.....}!.....}"...*...0..A........u........4.,/($....{!....{!...o%...,.(&....{"....{"...o'...*.*.*. .... )UU.Z($....{!...o(...X )UU.Z(&....{"...o)...X*...0..b........r...p......%..{!......%q.........-.&.+.......o*....%..{"......%q.........-.&.+.......o*....(+...*..{,...*..{-...*V.(#.....},.....}-...*.0..A........u........4.,/($....{,....{,...o%...,.(&....{-....{-...o'...*.*.*. .D,L )UU.

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Markup.Xaml.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):76800
                                                                                                                              Entropy (8bit):6.0720948545494196
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:DwWOWR6j5vpUOZZZYb02KNUD6bTmHizY1bbyvr:9cDY4ySmHWYNq
                                                                                                                              MD5:CB3C477C69DB58AB7E7BAAD739965B48
                                                                                                                              SHA1:F026DD5886C14E6183A7EF61F17C0CACBDDF6F3D
                                                                                                                              SHA-256:6FF7782E4BBCFC2CF71390BA0A3EEF806FD988A505DA5885A0A5D2B4048C0D6C
                                                                                                                              SHA-512:FD6AB17870709797FF59D3199F43A130C31C6CF5383587C6DCB15885BA54266AC9D85C1BBD4A238731546694432395F1A5B4FFA6F26FBC83419A1D94F0291A43
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.."...........@... ...`....... ...............................F....`..................................@..O....`..,............................?..T............................................ ............... ..H............text....!... ...".................. ..`.rsrc...,....`.......$..............@..@.reloc...............*..............@..B.................@......H........Y..4...................D?........................................(-...*^.(-..........%...}....*:.(-.....}....*:.(-.....}....*:.(-.....}....*....0..<..........k.(......r...p(/......o0...(...+..r?..p(/.....(2...s-...z.0..<..........k.(......r...p(/......o0...(...+..r?..p(/.....(2...s-...z&...(....*...0...........-.r...ps3...z(4...(...+..-.r...ps6...z.o7...-..%-.&r...ps6...z.s8...+......o9...%-.&.+;r...po:...%-.&.+*r+..p.. ...%......(;....%.....(;....(<......(=...,#...

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Markup.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):68096
                                                                                                                              Entropy (8bit):5.94156542227091
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:zraL8mU7EXJ0fvikGQgYg/MUcEfZv6NwYuxdF:zzmU7ZP1gl/MUaNwYu3
                                                                                                                              MD5:5B665404A5B688F0AFCCF270298D3786
                                                                                                                              SHA1:CD4BB981EA87F8E7AD4518282B5E1976E1D14783
                                                                                                                              SHA-256:A7AE2A13FF5017BFB86625CC9D8BECB021553008C074772669F2D0C2D819143F
                                                                                                                              SHA-512:870FA5712D238FA3F93BBF28D727FD140E1E468C217353F9483BFDFCA9D838F539E5068866D5D1E8EA097BC22EFD31CD2AC51BEE2C4F32CE81DFA84D92DE0C5D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w............." ..0.................. ... ....... .......................`.......P....`.....................................O.... .......................@..........T............................................ ............... ..H............text...4.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........`..|.............................................................(....*^.(.......V...%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*....0..........s.......}6.....}7....(.....@l...s......(....&8......{8...%-.&........s....%.}8....(.......( ...,..(!...r...p.s"...z.........o#...o$....(%....(&...,C.(!........('.....r7..p((......{6...(...+..rM..p((.....(*....s"...z..{7...(+...,..*.(.....{6....C.(!........('.....r7..p((......{6...(...+..rM..p((.....(*....s"

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Metal.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14848
                                                                                                                              Entropy (8bit):5.165889772455159
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:SmeYCX9NTVMAgY6DMZPGLFbLAJa7JxPw9V:SGfYZoN6/
                                                                                                                              MD5:F23D3A764941C9B5BE1FCE7E54D637DF
                                                                                                                              SHA1:9899E506A7C2AA5A7BB5CDE413DB5D058A665183
                                                                                                                              SHA-256:EEB6573D9C4198B1026532607AC7CCDCBC619402A489403C9E11240567A84531
                                                                                                                              SHA-512:9867F3EB56021801D807BE5C638E5AD80E32D0E667F5AD45467B6B80FAEDAB0281D4B41A577AC3254327F41B853376E51BBE0DFE0FBB70DDFFB25A4CE2F363E5
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c5o..........." ..0..0...........O... ...`....... ...............................i....`.................................?O..O....`..............................pN..T............................................ ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B................sO......H........ ..P-...................M........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*...BSJB............v4.0.30319......l.......#~..H.......#Strings....$.......#US.(.......#GUID...8....#..#Blob...........WW.........3....................................>.............................I.........3.......................h.......................l.................S.....=.............J.....J.................\...f.\.....\.

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.MicroCom.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15360
                                                                                                                              Entropy (8bit):5.178511615318427
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:6RMFo48zkw46AgY6DMZPGBFbPJM9qxFw9V:yUX84wfYZkxU/
                                                                                                                              MD5:36E63C055F2425EF8DD207E917E8C28E
                                                                                                                              SHA1:72917E062BA5BED66BD18B1B7A00F52E44B6CBEE
                                                                                                                              SHA-256:17F4500EA162DD59223476DDF5DE97F9CF5ABA077B966D7BE385DDD01F848E15
                                                                                                                              SHA-512:68B9A3596A5C633A60BCA3144A30FE5BA1DB2BBC01421C18B52523CF68DE932193500D440E0967CAA4C8008D38A2A86592E746947A10E4EB4859B0CE46A6D826
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4,..........." ..0..2...........P... ...`....... ..............................G\....`.................................}P..O....`...............................O..T............................................ ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H........!..4-.................. O........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*..{....*.*..0..+........{..........(......}.....(.......,..(.....*.......... ........{....,.*.{....--.{....-%..}.....(....%-.&+.(......(.....o....*..{....*"..}....*....0..%........{..........(......}.......,..(.....*....................0..+........{..........(......}.....(.......,..(.....*.......... ......f.s....}......}.....(...

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Native.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266752
                                                                                                                              Entropy (8bit):6.044827656972935
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:MzlsINhmkwHwITUbWnIbuaN6CyQzdD3wCJb:TIjmkA4inIznx
                                                                                                                              MD5:BF3050D62CB8580A91726596A7330EAA
                                                                                                                              SHA1:5D0C77604DFCBCC7087AAAF2EBE92B13C5760F07
                                                                                                                              SHA-256:1A870755198B3D86A66F1A3F1D6A02A6847D0487D8CA88E0A0B5210BAE642EB2
                                                                                                                              SHA-512:F7D26B0E429BBDD927FB2680A216E925F2B79D01EFA5EFD1B3CA20A0E7B34E71FF765568B6EFD18ABDC0A87D0402CFFBE544ACE0FA1CB7614BB97DB44C328759
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....3..........." ..0.............2'... ...@....... ...............................H....`..................................&..O....@.......................`.......&..T............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......XR..4....................%.......................................0..........([...(t...(....(x...(....(....(....(....(....(....(....(....(....(....(....(....(....(!...(&...(....(0...(5...(9...(@...(B...(G...(O...(Z...(\...(a...(e...(l...(u...(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(%...(....(....(....(<...(&...(*...(1...(....(5...(7...(<...(>...(C...(E...(J...(N...(

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.OpenGL.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96256
                                                                                                                              Entropy (8bit):5.972636435682254
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:3pzyeehFyHhrLZJ1V4wpXhHTdWDP3P7gcLT0DkfPs/j61TkY6tbigyQnQ:3HehFsTHTdWDPUc5aY6tn
                                                                                                                              MD5:E3024D0450C4D1559B5B58A0A34DA732
                                                                                                                              SHA1:0266C8DB5C8C14751A251C42A971ACB66C5212D0
                                                                                                                              SHA-256:414243167C49871E417635FAF8CE5ADBDA14E6E9555F7A5260B1542FAD3CDC8B
                                                                                                                              SHA-512:F4FA95F5029726C09BA4772F25DBE351489FFFF4A13EC4199232FC923EBC6D05BD2BA4B0224F76016C172C8230F700600A305765FBC01872E0BBF082326C29EF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...]............" ..0..n..........>.... ........... ..............................\T....`....................................O.......................................T............................................ ............... ..H............text....l... ...n.................. ..`.rsrc................p..............@..@.reloc...............v..............@..B........................H........|................................................................{....*..{....*..{ ...*..{!...*..(".....}......}......} ......}!...*....0..q........u........d.,_(#....{.....{....o$...,G(%....{.....{....o&...,/('....{ ....{ ...o(...,.()....{!....{!...o*...*.*.*....0..b....... &... )UU.Z(#....{....o+...X )UU.Z(%....{....o,...X )UU.Z('....{ ...o-...X )UU.Z()....{!...o....X*...0...........r...p......%..{.......%q.........-.&.+.......o/....%..{.......%q.........-.&.+.....

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.ReactiveUI.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35840
                                                                                                                              Entropy (8bit):5.835109520886788
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:fJHquTfEI7SqgMMMMMMMMMMMHLRvwNvPHgdHYZWbg/:xN9+qLmNoY8bg
                                                                                                                              MD5:AB530A8362685F85823F95AFEE4B715D
                                                                                                                              SHA1:FCA27DF4272C162D2A86C67FFEB9DE7BDDFD2432
                                                                                                                              SHA-256:3EA7BD5EC3EA4781D1571DCBFBD2AD13BE2AFCB81311D7ED9C8AED3C01B15414
                                                                                                                              SHA-512:6A1416DF67D53FA289A7FDD0324D1115D4EF070B21A57FB56EAE4184C7CE124B30D4F664C21D05774D7F2B8F4CFF0A3AFDFAE67D395F047BB20A613C049F0A08
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-45..........." ..0.............J.... ........... ....................................`.....................................O....... ...............................T............................................ ............... ..H............text...P.... ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B................).......H........4...j............................................................(....*^.(.......R...%...}....*:.(......}....*:.(......}....*:.(......}....*..~....%-.&~......I...s....%.....o....*.0..|.........o......(...+%-.&.+.o....u......-..*.(...+(...+..r...p(....,..r...p(....,..*.o....,..*.o....,..o....o ....1..*.~....o!....*..("...*r~......M...s#....s$........*....0...........s%...}.....s&...}.....("...sN....('...(...+o)...('....{....o*...(+...,!.(...+r%..po-...('...(...+o....+

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Remote.Protocol.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):70144
                                                                                                                              Entropy (8bit):6.085355276702005
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:WwFdXsoZvwzCJIkJNSmdRlg5Hnm5knn1GL3ZYFqRR:hhtZvwzCJ5qmdRluyGnm3ZYFM
                                                                                                                              MD5:3A97FC3683C65F4097EB5F34460C4A2D
                                                                                                                              SHA1:773BB9EF8E5674A4263CC78E3E1E3A8639342654
                                                                                                                              SHA-256:AB71993848CFB043A5B02577EBA4892DB70679AF52336E68890BCFF82CD95FD2
                                                                                                                              SHA-512:8099B9CEE677726C9C862D6984CFC5CD0EA0A349AEA3295EA0E56BDCB9DA231F4CDFA3F07B7F7F8B3F5AFBAA3A5AF051F155CEB3C3321E159389E318441EB730
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............." ..0.............^&... ...@....... ...............................t....`..................................&..O....@..D....................`......(%..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...D....@......................@..@.reloc.......`......................@..B................?&......H........`.......................$........................................(....*^.(.......\...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..................o......o....-$.....(.....o....,......(.....o....-.r...ps....z ....s......s......s..........(.....o .......,..o!.....,..o!.....*.......W..q........P.+{.......0..{........o......o....-$.....(.....o....,......(.....o....-.r...ps....z ....s......s......s.....(.....o .......,..o!.....,..o!.....*.......P..e......

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Skia.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):107008
                                                                                                                              Entropy (8bit):6.249265731812534
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:uuXPIeKEj12RdiQow2/r2iHVnOs2pidtxcSdMkbYf1qjKdT/uY3uF:uCDxjw2/r2i1VdtxcOMk8fUU2Ye
                                                                                                                              MD5:454575DA0DCCB496B234C8E94363360C
                                                                                                                              SHA1:149834DC64D7B017ABF9657121368BA7751A4426
                                                                                                                              SHA-256:3C757BB5E2E2E6E5812E1D9C6F5D3518CC899A5A861032647700E3315E61C157
                                                                                                                              SHA-512:130A8CB80B6CA858C2455BAE92554DEA57DE5DD8E81743D90E35AA376C7E46B38F3AAD07541621A770AC502AE4DC326A522DE0F2CCC79831D890F260A16D10BD
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0................. ........... ..............................5.....`.....................................O.......................................T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H...............................<.........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*..~....%-.&~..........s....%.....r...po....*..{....*"..}....*..{....*"..}....*b. ....js....}.....( ...*.0..:........(g.....}......}......%-.&.%-.&.........+.(!...(....}....*...0..*........u......,..u......,....(......,..*..s....*...0............YE................+...+...+...+......o[...,..o[...-..+..o[....o[....o".......o\...,;.o

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Themes.Fluent.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):768000
                                                                                                                              Entropy (8bit):5.445019582805365
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:a8YEoq9UgaNTbw6bJgt2gkxm//YBrq/C1I:cqvS01gW3
                                                                                                                              MD5:AD0DA89C6A0CB3E3CDE32CF6A64D74BB
                                                                                                                              SHA1:E52B338F58319FD6B99CC4DC693EE0B2550E3CB5
                                                                                                                              SHA-256:A82CBC43608B1F36AB8F2051F7A9A9CDFCF5E69E3C18076BD86C18F381A6F87D
                                                                                                                              SHA-512:172D5471A4E1177F8789438B31237120262464C20AE294B8E8F8DB57F0D67540565CDB6B38CA70D979DB7007667FD5CD249C966777DBB26BBC54AA6576B47FCA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@............"!..0.................. ........@.. ....................... ............`.................................5...V.......8...........................P...T............................................ ............... ..H............text........ ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................p.......H...........D.............................................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*f.{....-..{....o.......*.*..0...........u......9.....r...p.o....,...{.........Q.{....*.r%..p.o....,...{.........Q.{....*.rS..p.o....,...{.........Q.{....*.r...p.o....,...{.........Q.{....*.r...p.o....,...{.........Q.{....*.r...p.o....,...{.........Q.{....*.r...p.o....,...{.........Q.{....*.{.......o....,........Q.*..Q.*...0......

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Win32.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):648192
                                                                                                                              Entropy (8bit):5.9560701303313115
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:fnlN+z1uvskGgd6vClED2QeZ5Z5QDVP09Qe1kIQA+qDNhr9CvLdEjhwyx6j:fnloEslvClc2KPPe1kpDEjhwM6j
                                                                                                                              MD5:90F0CFAE8361492775305850A9C93F57
                                                                                                                              SHA1:D3B44151564E8CD95DD7F92B96204BDF24819988
                                                                                                                              SHA-256:DC61231093CE3E8F30361B16B4A29C3E2558133848825138F1A084FF8518016B
                                                                                                                              SHA-512:805D95E797A6DB1BC18B09B70A91A1B94E5181EE917F4FC89AE3D3E973F6C909DBC303E8F0705137701BD0959BC07E27E427BF09D90BCB17A5424C5B9029CBBF
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... .......................@......3W....`.................................c...O............................ ..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........d#...........................................................0..!.......(....(....(....(?...(A...(F...(J...(Q...(R...(V...(Y...(_...(a...(f...(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(#...(%...(*...(+...(/...(1...(6...(:...(A...(L...(Z...([...(_...(`...(d...(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....(....( ...(!...(

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.X11.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):307712
                                                                                                                              Entropy (8bit):6.1577971880246105
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:PVccJ/g47CLLcZ1iGKKA+yRGjRGZl5FRVB/8uDFWvqHl9g3V/m:PVcSxATGj0Zl5HVZl4qGV/
                                                                                                                              MD5:92CE32F8054D968B199C921C3E0ED1AC
                                                                                                                              SHA1:0B62CEB93E5EBFC93D6E53EF54660CEC3C2D6978
                                                                                                                              SHA-256:FDC990DA870E1601830F04DEADC6316316FBCFC23533967FD0D19BC5596A0340
                                                                                                                              SHA-512:6DBBBEA2CBE7EE87D87C5518CB8A19895334E577317F70427C108CAFD060EB1CE66C381841D5E9B90892ADA1425DBF5D4473355CACA2810BAF6A79B4985E9F1F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............R.... ........... ....................... ............`.....................................O...................................4...T............................................ ............... ..H............text...h.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................3.......H.......H...l.............................................................(#...*..(#...*^.(#..........%...}....*:.(#.....}....*:.(#.....}....*^.(#..........%...}....*:.(#.....}....*:.(#.....}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0.................%...%...}......}......}......s$...}.....r...p(%...rI..p(&...}.....s'...%...s(

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Custom.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):34304
                                                                                                                              Entropy (8bit):6.70867570240694
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:wZXMM3jqPI0rI14i8m1yUhRX2QxrMU93mFNbj6VENvuvr+vRV0Zt:wZXMM3jmZrI14i8m1Xh1WFNbjkEWOL0T
                                                                                                                              MD5:453A8364BB1B6780D3185E41DF7D388E
                                                                                                                              SHA1:CD29DF479E30660BEFCC8494C5AA178EC64E3CA3
                                                                                                                              SHA-256:2A3E7F0416DFBAB9D112EB18331056E94CBB8CE7BF339ABF3ABB540FA9C248D9
                                                                                                                              SHA-512:C71C441375BFA1AE1E92A14C44F7D6054FF373BA5537596A6C931A870F024D2AAC45702FDB69D2BCB4964BE0B5B3629B1B04D960A09DF22F2D4E5B8391DDAB48
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....E..........." ..0..z..........2.... ........... ..............................c.....`....................................O.......<...........................@m..p............................................ ............... ..H............text...8y... ...z.................. ..`.rsrc...<............|..............@..@.reloc..............................@..B........................H........2...9...................l......................................2.~....(...+*>.~......(...+&*2.~....(...+*>.~......(...+&*2.~....(...+*>.~......(...+&*..0..x........~....(...+-..u....+..(......,..(....(....,...=...*.(....,%.o.....(....o....,..o.....(....o....&.o.....(....o......=...*..(....*.0..@.......r...p......(...+.....r...p......(...+.....r1..p......(...+.....*.0...........(....%-.&.+.( ...t......,....(....(....}....*F.{....%-.&*o!...*.0..;........-.rO..ps"...z.-

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.DragAndDrop.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28160
                                                                                                                              Entropy (8bit):6.649849260201614
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:g230zF9p1MKHse2rNmCHq7QEM1QdDtKE4o51Z8TfUubgG7OD8n3czyo5+aozvRVm:K11KfHgJ3rV51ZQfrEHzyM/N2ZA
                                                                                                                              MD5:490D3E2E5BAEA2727E04CD901E096858
                                                                                                                              SHA1:AC4D68AFC6A709751ED82F0AF0B20B1F38E68F61
                                                                                                                              SHA-256:2B73E2AD01209BEEF0D57FB043856534584F28774B9F3013F7C19FB0D2F4AA18
                                                                                                                              SHA-512:846DE3EAE68F230F117022A9EB68999AC8C49A533E695AA8BA1D42774FC849028256C4EB8A1E753CE67EC6050518F57E39A81F3E956CF990D0F6B48B38DD3A9D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..b..........R.... ........... ..............................#1....`.....................................O.......l............................[..p............................................ ............... ..H............text...Xa... ...b.................. ..`.rsrc...l............d..............@..@.reloc...............l..............@..B................4.......H........1...)..................p[......................................2.~....(...+*>.~......(...+&*2.~....(...+*>.~......(...+&*2.~....(...+*>.~......(...+&*2.~....(...+*>.~......(...+&*.0...........(....%-.&+.~...........s......(...+.(....%-.&+.~...........s .....(...+.(....%-.&+.~!..........s".....(...+.(....%-.&*~#..........s$.....(...+*.0...........(....%-.&+.~...........s....(...+.(....%-.&+.~...........s ...(...+.(....%-.&+.~!..........s"...(...+.(....%-.&*~#.........

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Draggable.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41984
                                                                                                                              Entropy (8bit):6.338210557457217
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:dmcCIq8RJVWfx18Bj+6g2/abL7Y+Z/8Gs/UBwFUMZC:rZ/W5Z1XRs/UBwSMZC
                                                                                                                              MD5:0A567ABE30C9356BA3CC868C5C8656ED
                                                                                                                              SHA1:FCEAD5277738A0C74E80472B0060B236BFC89024
                                                                                                                              SHA-256:FDB50DED043D750236F7856E1F90852B3987710AEFE589B9C6D895DE991694CC
                                                                                                                              SHA-512:ED26FB5CB61D039ACC4A9B6774CF327FDE3D6713CAB9147B52376491834987968F15F5CE7BE67071C7C4BD83538C0F5DD1DC7C151526B03C0D8E4082012545D6
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<..........."!..0.................. ........@.. ....................................`....................................M.......\...............................p............................................ ............... ..H............text...4.... ...................... ..`.rsrc...\...........................@..@.reloc..............................@..B........................H.......HL..PD..........xJ..P....K.......................................0...........(....,x.(....~...........s......o...+.(....~...........s......o...+.(....~...........s......o...+.(....~...........s......o...+*....0..y........(....,p.(....~...........s....o...+.(....~...........s....o...+.(....~...........s....o...+.(....~...........s....o...+*....0..B........(......-.*.s5...~.....%..o....}.....{.....o.....o.....{....o....*...0..9........(......,..{....-.*.o.....{....o....

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Events.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26624
                                                                                                                              Entropy (8bit):6.6312667607264615
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:sRilgeABsBAcrN7+Cxqp9a1zXH18480A6sg4IhxZhr:+0gEHrN7+CxooK0RJ4gZ9
                                                                                                                              MD5:C3FFE5093AC9ED603568CA8159AA1973
                                                                                                                              SHA1:F659824F3B107F0DC55FD8E3BBDDCE56E3F4FE6C
                                                                                                                              SHA-256:6D3E06F1163DE1B3559164A45A3297CF109C932F97954B022E232F86B8486BFE
                                                                                                                              SHA-512:FAB5FEC91635D667EA67E555F2F4FC08953F78783238441AED5B439F24E05C22A59C10650A8B425DE0EE0362677F062FE3AF29B529CCDB514C1F11D20921612D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..\.........."z... ........... ....................................`..................................y..O.......<............................S..p............................................ ............... ..H............text...(Z... ...\.................. ..`.rsrc...<............^..............@..@.reloc...............f..............@..B.................z......H........,..8'..................LS......................................2.~....(...+*>.~......(...+&*..(....%-.&*~...........s.....(.....(...+*..(....%-.&*~...........s....(...+*&...o....*.*..(....*Zr...p......(...+.....*2.~....(...+*>.~......(...+&*..(....%-.&*~...........s.....(.....(...+*..(....%-.&*~...........s....(...+*&...o....*.*..(....*Zr...p......(...+.....*2.~....(...+*>.~......(...+&*..(....%-.&*~...........s ....(.....(...+*..(....%-.&*~...........s ...(...+*&...

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Reactive.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14848
                                                                                                                              Entropy (8bit):6.800287152067923
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:XsxZWANNkTbPwxw+ztbDyKYSACSalscYriKLAB1G1yrAdQmY5xZcYByKx7S:XSZWG2vPOrZ2a+cYri6Ay1yrA3wxZh5
                                                                                                                              MD5:A09C0CE26C5A55A131EBCCAD36DF37D6
                                                                                                                              SHA1:EFAC8DC60A289A0C49961BD6464328E43AE751F7
                                                                                                                              SHA-256:61AB3C00EB5BEA12735FBC1D7B3E38F1618964FFB60D94D84308505C01560B6F
                                                                                                                              SHA-512:C11CAB5C27086E5CE7D1F21E8013D0995E911276E50B7FB99E47A4048C30B262881E276A5059E4D18BE74B7A07A4397769D2B4B6DAC5386BF76E8E61D5604668
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............2M... ...`....... ....................................`..................................L..O....`..L...........................d...p............................................ ............... ..H............text...8-... ...................... ..`.rsrc...L....`.......0..............@..@.reloc...............8..............@..B.................M......H........ ..$....................-......................................"..}....*6..{....o....*..(....*..(.....{....%-.&+.(.....s....}......{....o....*^.(.....{....%-.&*(....*..(....*.BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID.......<...#Blob...........W..........3..................................................................................l.................H.........i.K...s.K...5.K.....K...0.K...M.K.....K.....K.....K.......

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.Responsive.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21504
                                                                                                                              Entropy (8bit):6.705012307847175
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:cCdWy0Y3zD7xxAxfZQT3qiVaXci3V+eKfZ9bxZhf:cCsi3nlxuf6T3qiu2L91Zp
                                                                                                                              MD5:53F722A2312038381850E3155C435E2D
                                                                                                                              SHA1:5A3F8998368FC7092D459891B9A6B2583E033E95
                                                                                                                              SHA-256:F78BE79D738D3632045CE77A74BDA5CC0920A27ABA685EC8E81D744F1238808C
                                                                                                                              SHA-512:028A8B83579E861F710D819A2F8C5D240E7698A8BB6CFAE62BAA1D75D62C48F2217140572DDC3AF4A081B0921E26A8F9343439DD726ACD557FF0A1E4B9273E22
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y............." ..0..H...........g... ........... ..............................g.....`..................................f..O.......\............................D..p............................................ ............... ..H............text....G... ...H.................. ..`.rsrc...\............J..............@..@.reloc...............R..............@..B.................f......H........&..p...................hD......................................2.~....(...+*>.~......(...+&*2.~....(...+*>.~......(...+&*...0...........{....%-.&.s....%.}.....*N.(.....(.....(....*6.(.....(....*..0..-........~....(...+-..(....+..(......,....(....}....*F.{....%-.&*o....*..0..N.......s,......}......}.....{....-.r...ps....z.{....~....(...+...-...s!...s"...o#...*...0..t........,..-.*.o$....8D.....(%.....~....o&...-..~....o&...+....o......('....o....(....,...o......('....

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33792
                                                                                                                              Entropy (8bit):6.607376739310976
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:bZJfp12i/fb6ofwi7tEkDM1OKQ556QyZs:dhHpn7fwi7tEb1E556bZs
                                                                                                                              MD5:574BE458DD87A137589E4FA28B984F70
                                                                                                                              SHA1:4484F999095D3C4D6D6A105C76CCFABDC636FFEB
                                                                                                                              SHA-256:191486F690D63301426694F3CCD76C03DA900C076DE3B6708C599A4CF70F5F7E
                                                                                                                              SHA-512:4803A95D7E9D68A60A7DD243303FE2925883EFC9032B15CFE464BFF92D3F1C3205D447CC65389194FF9274E847FEF99CD0D2D2D9C4964811461485CAEAEFF4AA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._.Y..........." ..0..x..........>.... ........... ...............................m....`....................................O....................................l..p............................................ ............... ..H............text...Dv... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B........................H.......04...8..................@l......................................2.~....(...+*>.~......(...+&*2.~....(...+*>.~......(...+&*...0..m.......r...p......(...+.....r...p......(...+.....~....o...........s....s....o....&~....o...........s....s ...o!...&*....0...........o"...u......-.*.o....*..0..1........o"...u......-.*.o#......($.....,..o%......o....*....0...........~....(...+-..+..(......,..(....(&...,...A...*..o%...(......(......-0.(....,!('...r1..p.(.....{....((...s)...z..

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.Xaml.Interactivity.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30720
                                                                                                                              Entropy (8bit):6.6739767292136865
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:3Sdyn0f5N6PburqucWAYaLzxvmLJ14SM/BQ+hbiGFs7CSjYVFTYV5KuxZhh:3j0hwPn7LB+QBQ0uGe7JjCFUKGZX
                                                                                                                              MD5:6D223A3F1203B728D09006B497391EA9
                                                                                                                              SHA1:F42CFDD0F21AAB5C26777DBAE663FA9A35EDC747
                                                                                                                              SHA-256:5FF31868BF3CF1884BE9E7EA0C66287D26365889FE66BFDA0EEF3479FC592131
                                                                                                                              SHA-512:C5EBDB1E7D824A5B8CF6E29F4DF0978E1C9722C532CBB709BE3C6CF9116A9B739CD9882CBB53145037F2089C0F0246D2C637EA2BC71C18FFA625ED53330B1E14
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....l..........." ..0..l..........b.... ........... ..............................9.....`.....................................O....................................b..p............................................ ............... ..H............text...hj... ...l.................. ..`.rsrc................n..............@..@.reloc...............v..............@..B................C.......H.......\-...4..................Pb......................................f.(............s....(....*...0..^........o.......3..(.....+...(....(......(....-..2........o .....,...3..o!...%-.&.+..o"...u....(....*...........+......b.-.*.u....-.r...ps#...z*..{....*"..}....*...0..N.........(....($...,.*.(....,.(%...rs..p(...+('...s#...z..%-.&r...ps(...z(.....o....*:.o......(....*.*.*..o....*..o....*.*.*..()...*..s*...}.....(............s....(....*..{....*"..}....*..0..c.........(....(

                                                                                                                              C:\Program Files\WasabiWallet\Avalonia.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4096
                                                                                                                              Entropy (8bit):4.153495417623887
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:6WOde4AvlqqzBSgMOZz27Fqlrjnh6sExkDcljjaxMR3rU9VOr:xYIlquSSZziIrjkFrNax+w9V
                                                                                                                              MD5:011BC623F3E7686B9E475CA9E7AF8DED
                                                                                                                              SHA1:99359AFBF41760E10C2AA31D5395C64C35358334
                                                                                                                              SHA-256:9BD80B7AB999DC8DE268F4F07A54640C6D727BFC8D506B4DF962E9DF0EEEE226
                                                                                                                              SHA-512:AAF78088E1A9F6B737CCF72D4651E7ADC3ABD59044E4E4AE41EFBD1684D02266D983D418125BA33004488A47D05FB409F0291619F76EDB62E7C59828B54F3652
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....#e..........." ..0.............F'... ...@....... ....................................`..................................&..O....@.......................`......,&..T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................('......H.......P ..\....................%......................................BSJB............v4.0.30319......l...D...#~..........#Strings....l.......#US.p.......#GUID...........#Blob......................3..................................T...............6.....<.y...........a.....a.....a...g.a.....a.....a...P.a...".a.................s.....s.....s...).s...1.s...9.s...A.s...I.s...Q.s...Y.s...a.s.......................#.....+.....3.....;.J...C.Z...K.....S.....[...................$...

                                                                                                                              C:\Program Files\WasabiWallet\BuyAnything\Data\Countries.json

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19793
                                                                                                                              Entropy (8bit):4.7233416898882545
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:1osBbeKJhdvJS6w7Il3V+pAr4AW7PE+m14cUgtXlP1OUP0Zf5l/:yObhxJS6w7Il3ApA9+41kAXlP17P0ZBB
                                                                                                                              MD5:2CD8BC9642071DA97E3D6F89AC3CBFD2
                                                                                                                              SHA1:1FEBB00C5ED99FA6F8F9D55C26187E4AEDA6A141
                                                                                                                              SHA-256:7DD4267477E24BCC56C9A5BE0B73CA79684D929E14599CAF1378DACC7409D2D5
                                                                                                                              SHA-512:B41796870F804E8820C35C93F6E8BB61C2CAE2B45D8BEAD60BA5A24509027F65E805A5FAA83F511B1A4B2C1A7AB9D0A45E8D4AFD4E37D13359E9128CFB48D988
                                                                                                                              Malicious:false
                                                                                                                              Preview:[. {. "Id": "01fba52746184f9188597d5a14d237fc",. "Name": "Costa Rica". },. {. "Id": "032476683c73475abf50ad7a96b213a9",. "Name": "Portugal". },. {. "Id": "0419baa7522f443d827a0061498d111e",. "Name": "Algeria". },. {. "Id": "041e5d102dbb47da92c350e2244f1aef",. "Name": "R.union". },. {. "Id": "04a42dcde9984443adb171184e43ee5a",. "Name": "Norfolk Island". },. {. "Id": "04a5eee05fab4d199fb9154feb6a9953",. "Name": "Cambodia". },. {. "Id": "0571589d876d476eb7678cb6fbacb13d",. "Name": "Northern Mariana Islands". },. {. "Id": "05d4e8ffcac947fdbdd5526e5590ccf2",. "Name": "Vanuatu". },. {. "Id": "08eb5e884d4440e59fbeaee1c1339cc0",. "Name": "Bosnia and Herzegovina". },. {. "Id": "094d0bb402e542d7b71ff016c10aff7f",. "Name": "Sudan". },. {. "Id": "0b35da485622467e93bc2aa903d58f21",. "Name": "Macedonia (the former Yugoslav Republic of)". },. {. "Id": "0c023b8cb00648e48f67cadf3dec5f0a",. "Name": "Mauritius

                                                                                                                              C:\Program Files\WasabiWallet\DynamicData.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):756736
                                                                                                                              Entropy (8bit):6.31981312843677
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:5bSSgXAsqkhpuPP6daOi9c276/OBnq3VBCS69VS1uMVF2H3H6cLggk75Hovh4dez:g3XVqTPSgOOc2e/O1oVBCS69VS1uMVFz
                                                                                                                              MD5:BF86300D74E7813454F4D96CF4CA0AF5
                                                                                                                              SHA1:4476B776BD864747E427A6216E8D37C7B0F571B2
                                                                                                                              SHA-256:BD5EC669CA449DFFDC039FE83850F7910AFB166862A854088D45FE9AB0939DBC
                                                                                                                              SHA-512:7F08568B12929FAEFD35749D418CBFEA07C718EFB2E0C38A65754A2D1AC485401B8B327A92C44DAFB2934F4EACE9CABEF19D4BDDECA33655CA89F6CC1493BACA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g.v..........." ..0.................. ........... ....................................`.................................-...O....................................V..p............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................a.......H...........dK............................................................{>...*..{?...*V.(@.....}>.....}?...*...0..A........u........4.,/(A....{>....{>...oB...,.(C....{?....{?...oD...*.*.*. .... )UU.Z(A....{>...oE...X )UU.Z(C....{?...oF...X*...0..b........r...p......%..{>......%q.........-.&.+.......oG....%..{?......%q.........-.&.+.......oG....(H...*..{I...*..{J...*V.(@.....}I.....}J...*.0..A........u........4.,/(A....{I....{I...oB...,.(C....{J....{J...oD...*.*.*. 6v.. )UU.

                                                                                                                              C:\Program Files\WasabiWallet\HarfBuzzSharp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):117168
                                                                                                                              Entropy (8bit):6.1090654511231826
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:C7apjMbuurV6308Q9JKWxxwgjZhRkVXyqSB/FTVsHzDzhEphgRmD+jKeMC3+am81:CwWJX7MsowVsHzDB8C3+o588
                                                                                                                              MD5:EAB587A98BA6BC681EC0A26F4BD7387F
                                                                                                                              SHA1:4B8483A20337049CE731D188702651D6A064D06E
                                                                                                                              SHA-256:43865D1AAFA39C8B8FBA7D95A09F9C3EC07B87D8CD86B1B1EABE331649D271AF
                                                                                                                              SHA-512:33F352B7558C2D36D7A322DFC88D5039AE953A796FCF6905A7CB02E18E806B9EF6BDAFD13487F4CA4D423E92379EF636238C102833595016039B15D21CF4B47F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...tD............" ..0.................. ........... ....................................`.....................................O........................'.............T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......Xs...A..................\.........................................($...*.0..6........-.........~%.............*..(&..........q....('.....*..-.........~%....*..(&..........q....('....*..0..6........~%...((...,.................*..().........(*........*...0..B.......s.......}F.....-..{F...+..{F...s+...}F..........s..........(.....*...0..,.........(...+..o......u......-.......*.o,........*.0..-.......s-......}......}/......0...s..........(.....*....0..4.......s1......}2..

                                                                                                                              C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw1.txt

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (866)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32169
                                                                                                                              Entropy (8bit):4.706358028763568
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:gBUXG3yHgLHFJTLTedn2lfzi94eEcupFYN4M9:tXGiUq2leED7YN3
                                                                                                                              MD5:15561078F0F2261481516164ED20B5C5
                                                                                                                              SHA1:3B4E0D93B9F14EE0938F6AADF360D1DA14878B86
                                                                                                                              SHA-256:972A80A954BA4C1ED6E38AB0CE80F3878AD06AEBD3DF6B5B244A6414A500FBAC
                                                                                                                              SHA-512:49F037771C438EC11E6AD41A28E1B167FE7605E052633FA7714F0FE521CC67A6083E736B7B960A2BBD9FBD8C95D2F79F7A6C671E7183CED34EA3187D5A479A0B
                                                                                                                              Malicious:true
                                                                                                                              Preview:.Last Updated: Jun 15, 2022..=========================================.SUMMARY.=========================================.. The WASABI team is committed to be fully transparent to its users, from its source code to the legal aspects of its services. The purpose of Wasabi Wallet is to provide privacy for its users. Bitcoin transactions. This means that with the use of the wallet we would like to enable the users to make Bitcoin payments in such a way that their spending history, wallet balances, etc. are not visible to the receiving party. This does not necessarily mean that the user stays anonymous, since the receiving party might have to identify the sending party.. Our goal is to minimize the unintentional leaking or disclosure of private financial information to third parties and to the receiver of any transaction resulting from the use of the Wasabi Wallet. The protection of your privacy and the protection of your (personal) data is our highest priority, which also defines t

                                                                                                                              C:\Program Files\WasabiWallet\Legal\Assets\LegalDocumentsWw2.txt

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (866)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32403
                                                                                                                              Entropy (8bit):4.759050146069756
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:fBUX/3DHgLsOTLTFyzAn2fTzi94eEcupFYV4w9:SX/z0hyi2TeED7YVP
                                                                                                                              MD5:92468ECE0084ADE1ECCB8B1AE451D4B7
                                                                                                                              SHA1:11C5601341050977ECF3A53891E4C94928C32577
                                                                                                                              SHA-256:9F7766C80FBAEB7B1473F82C67FD166E8DBF1BBC51B389E29C7334AE56E05C3F
                                                                                                                              SHA-512:9360CBAEC9AF950A87B646C9A5B34C94C04989487B27294BF1530487D14B734DA394AFC449FDF799E198066E00E075D314428B7E5CB556D45F0FFABBEFBFD213
                                                                                                                              Malicious:true
                                                                                                                              Preview:Last Updated: 2022-06-15..=========================================.SUMMARY.=========================================.. The WASABI team is committed to be fully transparent to its users, from its source code to the legal aspects of its services. The purpose of Wasabi Wallet is to provide privacy for its users. Bitcoin transactions. This means that with the use of the wallet we would like to enable the users to make Bitcoin payments in such a way that their spending history, wallet balances, etc. are not visible to the receiving party. This does not necessarily mean that the user stays anonymous, since the receiving party might have to identify the sending party.. Our goal is to minimize the unintentional leaking or disclosure of private financial information to third parties and to the receiver of any transaction resulting from the use of the Wasabi Wallet. The protection of your privacy and the protection of your (personal) data is our highest priority, which also defines the

                                                                                                                              C:\Program Files\WasabiWallet\MicroCom.Runtime.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14336
                                                                                                                              Entropy (8bit):5.358635352596975
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:q5NX9uRskVFcxaQakfIut5vspHczY4DtcW8GsW:SX9uOIFAxtiHOh
                                                                                                                              MD5:C27B01D179AB856B42E910496FE749F9
                                                                                                                              SHA1:448412817480D6E20AE7EB2FF9250C69ED4EBECE
                                                                                                                              SHA-256:59839E18E46B06AB23B633944AE3C3B552A300C5DA389DA870DFA980BCEF93C1
                                                                                                                              SHA-512:30416FD4BF5554E6B575AFF59787AE1078BAFA529C36CBE51B05026691851A0824AB648D4D4D2CA4BD26DDAB680EBA95595E9CD80EE63230ABFFCE799B36DABE
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%............." ..0..0...........O... ...`....... ...............................0....`.................................EO..O....`..............................TN..T............................................ ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............6..............@..B................yO......H........+.. "...................M........................................{....~....(....,..(....o....s....z.{....*2.(....(....*..(......}......}.....(....}.....{....-..(....*..*...0...........(....M......XM..(.....)....&*...0..!........(....M........ZXM..(.....)....&*....0..'................(....MM..(...........).......*..0..@............(....(.........(......-......(......(.........*r...p.s....zF.{....~....(....*..{....&.{....,..(......}.....~....}.....(....*"..o....*..{...

                                                                                                                              C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\.gitattributes

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15
                                                                                                                              Entropy (8bit):3.6402239289418516
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:2LAJ:2K
                                                                                                                              MD5:1760C43C66752C71554E870CAB45701A
                                                                                                                              SHA1:95AB75519C8D1ECF78D429906117E40968002F2F
                                                                                                                              SHA-256:7AF196388C40CF6466C2E314045D69CC630AB4461B60CF2D3998CB6C9FDEAA59
                                                                                                                              SHA-512:1E1CA33029D980D5B1493BF6DCFD038D88D84F35FC8AAD3F7599263ECF59C9857CEFAACC6D19DB9AAEF967E681818ADCF00256987C839E538D63D0288CC7FF9B
                                                                                                                              Malicious:false
                                                                                                                              Preview:tor.exe binary.

                                                                                                                              C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19651
                                                                                                                              Entropy (8bit):5.097592399683013
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Kiyrs6rs41DL+rsArsy+Wj9wrsArs3vtr2AArs6rs41DLdrs0rsn3OwyorsCrsRz:FyDDDL+/lxj9w/6trLADDDLdDbwhlRD6
                                                                                                                              MD5:FD51C8540E62D9458ACF2E5C6E8CE350
                                                                                                                              SHA1:D527AACAA8E9FFE8A6E9319CEACB4F05F2C1FC8A
                                                                                                                              SHA-256:47B54ED17E8FDCAB3C44729A1789A09B208F9A63A845A7E50DEF9DF729EEBAD0
                                                                                                                              SHA-512:E4BF460AA7488608B95A7F9C9BBB8CC2A37F5681A341E7D37233519DA1153781DF92927FFE0E86E5B14301F058E0A6F4DD09E5D32556F1C5746B6025D031EB74
                                                                                                                              Malicious:false
                                                                                                                              Preview: This file contains the license for Tor,. a free software project to provide anonymity on the Internet... It also lists the licenses for other components used by Tor... For more information about Tor, see https://www.torproject.org/... If you got this file as a part of a larger bundle,. there may be other license terms that you should be aware of...===============================================================================.Tor is distributed under the "3-clause BSD" license, a commonly used.software license that means Tor is both free software and open source:..Copyright (c) 2001-2004, Roger Dingledine.Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.Copyright (c) 2007-2019, The Tor Project, Inc...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.. * Redistributions of source code must retain the above copyright.notice, t

                                                                                                                              C:\Program Files\WasabiWallet\Microservices\Binaries\win64\Tor\tor.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):8976896
                                                                                                                              Entropy (8bit):6.231563656547662
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:t6cZV1QNa2cGlKTdAp1VdV/b+tAeGJwTt1BWmJwL+lTBHMjr3:nZbQ5zdtb6p1BWYH
                                                                                                                              MD5:DCB04BAD2EB62D8E258A8038E741C554
                                                                                                                              SHA1:BA64B4B7134D9CCDA5CDD3624CDC898E3778FB7F
                                                                                                                              SHA-256:33049016DD8985E97E69D89CAD74B59B06488310C0BE86D0F83B10EE096B7875
                                                                                                                              SHA-512:8F0FB5A453030850C37E6F3B8F94BC0EB04512C4810DFC5499289DC74B1D02C38E639947245E996CFB3398449395D3BA59F1513F5A9C3283DC4D268F0D7265C5
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.................".......l..4......P..........@..........................................`..................................................................0...............0.......P......................@.l.(....................................................text.....l.......l................. ..`.rdata..`d....l..f....l.............@..@.buildid5....P.......,..............@..@.data........`...4..................@....pdata.......0.......b..............@..@.tls......... .......F..............@....reloc.......0.......H..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\Microservices\Binaries\win64\bitcoind.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14237715
                                                                                                                              Entropy (8bit):6.558235020373075
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:196608:oxL7FTmzVXiD7blfqz4WNE3sIAAgmag9pV8Mw9HxJP:oxL7YJyhfqz4kEI2HfMP
                                                                                                                              MD5:EA8D8AA706AD34B135AA3A314F2CB12E
                                                                                                                              SHA1:3A64C7441A4AA4EBADF2BB50CBF9CFC18A9F28D4
                                                                                                                              SHA-256:E047C18731D08BBCBC41E971F2DE394958858123E8B454DBC3967CC45FCE8532
                                                                                                                              SHA-512:DACEC3D5568A213F1A8FC7F68BC0E161E8B2B5A75162D1401FB751756FD00E0C487311212EADB5226E97873EA9C41E155560E9F01E22220A6258A55AF1C32AAE
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........@.............%.....:.................@....................................r.....`... ..................................................4...0.......`..d............@..hl..............................(....................................................text...............................`..`.data....s......t..................@....rdata.... ..P.... ..4..............@..@.pdata..d....`.......B..............@..@.xdata..H_...P...`...&..............@..@.bss....0................................edata..............................@..@.idata...4.......6..................@....CRT....p...........................@....tls......... ......................@....rsrc........0......................@....reloc..hl...@...n..................@..B/4...................>..............@..B........................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\Microservices\Binaries\win64\hwi.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12111722
                                                                                                                              Entropy (8bit):7.994520933312171
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:196608:u5qcx7ke9bNK8G5eKNmiZo4Y4ICteEroXxPdQeEqlbkkwR7VTEHpazW158jbvSU:RiT9bNPG7NmiZo4Y4InEroXl6eEqirRD
                                                                                                                              MD5:00BD03EA34EB84CC1498BC008E3C1B91
                                                                                                                              SHA1:2AAD0D2F69A0C81AE341DB5D7B67CE4238C0A1B5
                                                                                                                              SHA-256:38B3F02374C300516B4583A1195FFE1CAC1159F9885B8AB434FD450E290C907A
                                                                                                                              SHA-512:3B7D068BC8886A1C16BFAEBE7D534ED24A30E8B31775C4B53DD2FF5D5DD8D9CE5EAC9F4F4ACDFABA9E320AAF6A5214DF9FF99BF3B27696FEDCD157A9DB5FF3A1
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1_..P1..P1..P1..(2..P1..(4.|P1..(5..P1../..P1../4..P1../5..P1../2..P1..(0..P1..P0..P1...5..P1...3..P1.Rich.P1.........................PE..d......f.........."....%.....V................@.............................`.......t....`.....................................................P....p....... ..."...........`..\...P...................................@...............x............................text............................... ..`.rdata...).......*..................@..@.data...83..........................@....pdata..."... ...$..................@..@_RDATA..\....P......................@..@.reloc..\....`......................@..B.rsrc........p......................@..@................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.AspNetCore.WebUtilities.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):106256
                                                                                                                              Entropy (8bit):6.155022151856147
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:rOGQCwZem2rc8nyXYoL2vCEp+bXODldYxxMU:rltc8npc
                                                                                                                              MD5:E7A18AF72D80765AB8D3EF3F819B1F6E
                                                                                                                              SHA1:067477F28545B37713CBC9FEA7EF8EBF8AA2671F
                                                                                                                              SHA-256:D9C23BCC842BC63045C7DE955268F2D9B337CFF348F369A4A1AA01927F078A10
                                                                                                                              SHA-512:71891607EAF5DDD1491C4820CEFC6BE02D4DADDAF665A697149F4A5CB066CF89AEFAFD8F68909F908E98FDBBC12586ECED6E0E599E52646BE12146119D5B5EE0
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....j..........." ..0..l..........:.... ........... ..............................`.....`....................................O.......p............v...).............T............................................ ............... ..H............text...Pk... ...l.................. ..`.rsrc...p............n..............@..@.reloc...............t..............@..B........................H.............................l.......................................N($...r...p...(%...*F($...rA..p.(&...*"..('...*"..(...+*"..(...+*"..(...+*"..(...+*&...(...+*&...(...+*&...(...+*&...(...+*..(9...*..(5...*:...(/...(....*..(0....r...p('.....}......}.......o1...}....*b.{.....{.....{....s2...*f.{....o3...-..{.......*.*2.{....o4...*2.{....o5...*2.{....o6...*2.{....o7...*R.{....o8....{....jY*.0............j/.r...p..m...r...ps9...z..o8...3.*..{....o8...0P.{....o8....Yi...{...

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.CSharp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1005848
                                                                                                                              Entropy (8bit):6.717707249730963
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:+uz94uYWl+9whtbSp1HVu9yHxsCpDUD3Ix:H54uZ++tbQHVu9yHxgrI
                                                                                                                              MD5:81CD1CD6049A197FCEFBF666ECF726E0
                                                                                                                              SHA1:4F39F6822328A8660B1B44A16EC708543D197BA7
                                                                                                                              SHA-256:73CD7F4BB7214642BE2891C70E8E9A538CB11ADFF16167998C64E75A943D2566
                                                                                                                              SHA-512:B9D4850C88D86236D31DAE5B416714672C9AB418B117E489EFED914656DC81B4C5E5E2F1EB094B112DFA03D67B45BB7B34117FC59E9DF9D320D0B5DA8ACD9E1A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...t"{..........." ..... ...................................................0......pF....`...@......@............... ..................................`....*..TQ...0...)...........;..p...........................................................`...H............text............ .................. ..`.data........0.......0..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Data.Sqlite.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):173088
                                                                                                                              Entropy (8bit):6.162408773853627
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:UQ6ovsFTqBMQ2vQD/8iKdRIaM6l2ZOtFOf+GB6Oh77Dug7ftAUgIjeCke9zBh:8ovNfDkDdv/pDA+BU5eCh9z
                                                                                                                              MD5:D8470D2D8A5B9BE3FE660767F1C18F44
                                                                                                                              SHA1:6E8FA9038281001CD12C5B27C0183C453C3A5656
                                                                                                                              SHA-256:29981956955DA36990B3CFC93FE50597EEACAE669663E230BEF519D5693BB2FB
                                                                                                                              SHA-512:DE610E7E56976E5051CF72624DDCDE8B0B7E9445B9CA36D150BC4A8794C81F8F383E806BC706D88C2C6C50F3FEC84145D43D3CF86879177F9A05492E6B7D6051
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....M..........." ..0..p.............. ........... ...................................`.....................................O....................|.. (..............T............................................ ............... ..H............text....o... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B........................H........................z.. ...........................................F.o-...-..*.(....*2.(/...%-.&.*..0............(....*.0..(........(0...Q~.....P..o1...-..........*.s2...*.s3...%r...p.o4...%r...p.o4...%r-..p.o4...%rA..p.o4........*.0../........o.......o5....o)....o.....o6.......,..o......*..........#......:...(.........*..0../........o.......o5....o)....o.....o7.......,..o......*..........#......N..rW..p......(....*.0...........(8....-..+..o9.........,.(....s:...z.-.ra..

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.DiaSymReader.Native.amd64.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1841048
                                                                                                                              Entropy (8bit):6.376188477077184
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:qz0s9kT3H8I0bo5rjwjnbRCJMy37DjZ3IrVynoT/RUqtMAIEohkGXTwImgP:qYs9m3H5rjQn1CiAnZ3yV+oTZQEoTTH
                                                                                                                              MD5:804B9539F7BE4ECE92993DC95C8486F5
                                                                                                                              SHA1:EC3CA8F8D3CD2F68F676AD831F3F736D9C64895C
                                                                                                                              SHA-256:76D0DA51C2ED6CE4DE34F0F703AF564CBEFD54766572A36B5A45494A88479E0B
                                                                                                                              SHA-512:146C3B2A0416AC19B29A281E3FC3A9C4C5D6BDFC45444C2619F8F91BEB0BDD615B26D5BD73F0537A4158F81B5EB3B9B4605B3E2000425F38EEEB94AA8B1A49F2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.+7..Ed..Ed..Ed..Ae..Ed3.Fe..Ed3.@e..Ed3.Ae..EdI.Ae..EdI.Fe..Ed..De..Ed..Dd.EdI.@ea.EdI.Le..EdI.Ee..EdI..d..EdI.Ge..EdRich..Ed........................PE..d......d.........." ................0~...............................................(....`A........................................0...p..../..P.... ..8.......D'.......'...0...K......T............................n..8...................P-..`....................text...L........................... ..`.rdata.............................@..@.data........@...F...,..............@....pdata..D'.......(...r..............@..@.didat..p...........................@..._RDATA..............................@..@.rsrc...8.... ......................@..@.reloc...K...0...L..................@..B........................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Abstractions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):31008
                                                                                                                              Entropy (8bit):6.356443688331791
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:URcOgV/bgU0eZKIMtg5TAjH/Lfg19zIZ6W:wc5VDgU0eZKdgejHzfgHzIR
                                                                                                                              MD5:3C1D2A6BF381022764FCEF50FA44B68E
                                                                                                                              SHA1:78DA329EE8F50AEDDA282269CB16015E06DE2187
                                                                                                                              SHA-256:31CAEBF834B6DA88696A4A21ECB38EEFFF2623A531BE925F6BD27719583EE3E2
                                                                                                                              SHA-512:E505FBB9E8D8073CEA94EAC0541C3B7B5AAEF4EC3C71DE6A9E88C97AAC741C0F381B6A83051B7FAEB988B0B20ABC3CED14E36A904341A54A46C090576257FB99
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.a..........." ..0..D..........~c... ........... ...................................`.................................+c..O.......\............P.. ).......... b..T............................................ ............... ..H............text....C... ...D.................. ..`.rsrc...\............F..............@..@.reloc...............N..............@..B................_c......H.......<,..d5...................a......................................*.-..(....*..s....z..(....,..-..s....z.r...ps ...z.*.(!...*..("...*:..s#...o.....*:..s$...o.....*:..s#...o.....*..{....*"..}....*..{....*....0..A.........~%......(&...-..+...('....((...,.r/..p......ro..ps)...z..}....*..{....*....0..A.........~%......(&...-..+...('....((...,.r...p......r...ps)...z..}....*..("...*..rQ..p(.....rY..p(.......s....o....*..rQ..p(.....rY..p(.......s.....o....*:...s....(....*..rQ.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Caching.Memory.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):42656
                                                                                                                              Entropy (8bit):6.352674986763051
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:7IAb0IKRTtunsN+BLNp729PhwPDt5JChT4it9NQeH1hBWdeNAqXJkOmf4cuiWwfR:0S0IKQXpq2NE43ejA0qv/id9zs
                                                                                                                              MD5:D91D78C4408B4E756537D5D28BBBB4DA
                                                                                                                              SHA1:28D2F86FF290BD4585D303E7A9A455543BA7AE65
                                                                                                                              SHA-256:7900D7A4724AEBBA84C58C2E4F29ECF1257C7003245C0B474CD3F38DF6E71291
                                                                                                                              SHA-512:6D55FBDDEB28398E492FB375F0619A4296447A7A3C131EBEAB91311C8525455B406D876795B4EAB6B09A20729BF73579CD2C7401899CC2B86B5C40FF7045009A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..t..........j.... ........... ...............................\....`.....................................O.......T............~...(..............T............................................ ............... ..H............text...pr... ...t.................. ..`.rsrc...T............v..............@..@.reloc...............|..............@..B................K.......H........=..pO..........@...X...........................................*.-..(....*..s)...z..(*...,..-..s)...z.r...ps+...z.*.~....*..0..........(....,..*..(.....o,......&...*...................0...........(.......(-...-..,..*.*.(....,.r/..p......%...%...(....*..(/...*.(....,.r/..p......%...%...%...(....*...(0...*.(....,!r/..p......%...%...%...%...(....*....(1...*..,&(....,..r/..pr/..p.(....(2...*..(3...*.*.(....,.r/..p......%...%...(....*...(4...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Abstractions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):27936
                                                                                                                              Entropy (8bit):6.439499005095801
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Hxrv7hVmaET50kv96TG/FwzzRjz6qMvckxGMCWsfNWCx5kHRN78DuNNPR9zbKrQV:97hUaETSkXZp32No8D69zQGF
                                                                                                                              MD5:E1F852E450395BD9CAD83625CA41AFAB
                                                                                                                              SHA1:8A5C6332C4208E319E648C8850AB709C82EFE48D
                                                                                                                              SHA-256:FEFCDB267A73099CB90E5AF56B5EF2BCA59BED974339B3A6810352BDE23537A6
                                                                                                                              SHA-512:54FD5ACAA24C426B42AEE7B855B6614C9C1E2676D0F54683D4A2B059DB7C9BDA70988C6CEB43F488ABC34759F575CBDB75C3F0649CF932CF5FA2F53A66CF2881
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....ya..........." ..0..8...........V... ...`....... ..............................j.....`.................................oV..O....`..|............D.. )..........XU..T............................................ ............... ..H............text....6... ...8.................. ..`.rsrc...|....`.......:..............@..@.reloc...............B..............@..B.................V......H........'...)...........Q..X....T......................................*.-..(....*..s+...z..(,...,..-..s+...z.r...ps-...z.*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(/...-..,..*.*.(....,.r/..p......%...%...(0...*..(1...*.(....,.r/..p......%...%...%...(0...*...(2...*.(....,!r/..p......%...%...%...%...(0...*....(3...*..,&(....,..r/..pr/..p.(0...(4...*..(5...*.*.(....,.r/..p......%...%...(0...*...(6...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.Binder.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):42656
                                                                                                                              Entropy (8bit):6.265038007901513
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:vrGlacqr6kPubIQGxeVdrxiUP/iYLHji9zCxTj:vrf36kEIQGx8xiUHiA+zCR
                                                                                                                              MD5:3DD49127F7BEE55B58B72C3A48609489
                                                                                                                              SHA1:30EACA07C671C3514AB96CD9B5B130B542A34D76
                                                                                                                              SHA-256:5A47750F5C8EB91A203A743ABBDC27C7FECEEB2218D39445DF6560629477EEC9
                                                                                                                              SHA-512:50442E766402163D2423E44EA7BA0658727D9797D7930294579EEA0D8A98284E4FAB98C0423A9FDB386D3C5E53F99C5172F7563AF2FD2C9E62E062D38135F48D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....<..........." ..0..p............... ........... ...............................u....`....................................O....................~...(..............T............................................ ............... ..H............text... o... ...p.................. ..`.rsrc................r..............@..@.reloc...............|..............@..B........................H........9...G..........d.......<.......................................*.-..(....*..s!...z..("...,..-..s!...z.r...ps#...z.*.~....*..0..........(....,..*..(.....o$......&...*...................0...........(.......(%...-..,..*.*.(....,.r/..p......%...%...(&...*..('...*.(....,.r/..p......%...%...%...(&...*...((...*.(....,!r/..p......%...%...%...%...(&...*....()...*..,&(....,..r/..pr/..p.(&...(*...*..(+...*.*.(....,.r/..p......%...%...(&...*...(,...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Configuration.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):43800
                                                                                                                              Entropy (8bit):6.353852427600607
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:MLJOZTEW1WTsTeVnrI/yqCtHUafO+ukucyOgn9zT8B:MLJOpEQzTp/AX2+uMyOg9zTc
                                                                                                                              MD5:EBF181EF6F8CBFDD9149D9D609059051
                                                                                                                              SHA1:05CD721A76C1AFB00DF1B6417E6B8B1A7F344E67
                                                                                                                              SHA-256:B5CD9DA2C3364A5B201CECB0C80E25227D27BA44D96343D2894FF8EF3FD81550
                                                                                                                              SHA-512:FA2F59833721FB50500D89AE5A3C8C7474E247A684440C01BD30D46A8962CBCBE8F216D41BBA9EBC075AC2E1EE19C37A46D0E1DB922DB23A3E261B5C68155877
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C............" ..0..x..........j.... ........... ....................................`.....................................O........................)..............T............................................ ............... ..H............text...pw... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B................I.......H........<...S..........................................................*.-..(....*..s+...z..(,...,..-..s+...z.r...ps-...z.*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(/...-..,..*.*.(....,.r/..p......%...%...(0...*..(1...*.(....,.r/..p......%...%...%...(0...*...(2...*.(....,!r/..p......%...%...%...%...(0...*....(3...*..,&(....,..r/..pr/..p.(0...(4...*..(5...*.*.(....,.r/..p......%...%...(0...*...(6...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.Abstractions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64288
                                                                                                                              Entropy (8bit):6.123661844045704
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:KCYbKF0XEQqb72cfdGWQAE389HD6dDCN6rzf:MUbQAKuj6dGNAj
                                                                                                                              MD5:38236F9C2408BDA46C13EFEF364326FE
                                                                                                                              SHA1:03178026C200FD723BB75D08B9A4B70E93F6A45C
                                                                                                                              SHA-256:A0106A638FACAE621F870EDA720CB6C980C1D5D49C2F4351134E3FE043B9291B
                                                                                                                              SHA-512:4ABADAE40A459BE932359D6964C30E1E5FBEF300736943BAB42C1D66B5FA56C45ED10910ACF6B36C302C8A40BC364DF444220E2AF8FF5854460C6A9542FF88B7
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... .......................@......0.....`.....................................O....................... )... ..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......xZ...z..........h...............................................*.-..(....*..s*...z..(+...,..-..s*...z.r...ps,...z.*.~....*..0..........(....,..*..(.....o-......&...*.............. ....0...........(.......(....-..,..*.*.(....,.r/..p......%...%...(/...*..(0...*.(....,.r/..p......%...%...%...(/...*...(1...*.(....,!r/..p......%...%...%...%...(/...*....(2...*..,&(....,..r/..pr/..p.(/...(3...*..(4...*.*.(....,.r/..p......%...%...(/...*...(5...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.DependencyInjection.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):92320
                                                                                                                              Entropy (8bit):6.235871806146931
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:6sS1Tz5tF1bQWVsdJCKTvZEmwbyQMUiEVzz:3QH5tsWUvZEmNQMAVn
                                                                                                                              MD5:7D40B6217FC409171015D905A22F8E85
                                                                                                                              SHA1:27A31EC52498D9DB2B09707EF603860A80FDB2CC
                                                                                                                              SHA-256:8D6E7B64CCE554F0A0FBDB2BA80745895FA0B4E6CC378B9FEDFE8CE86F0D8AE4
                                                                                                                              SHA-512:E998AB21E2A7F4DF84F33C5D7BCB6D04C11481633362F4988F3A22820AA1F84744F51503947492217668B9DB39E651D13CAB0EF09D804B961AEA2434314A3D66
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jb{..........." ..0..6...........S... ...`....... ....................................`..................................S..O....`...............@...(...........R..T............................................ ............... ..H............text....4... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............>..............@..B.................S......H........u...............<..X... R.......................................~....*..0..........(....,..*..(.....o-......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(/...*..(0...*.(....,.r...p......%...%...%...(/...*...(1...*.(....,!r...p......%...%...%...%...(/...*....(2...*..,&(....,..r...pr...p.(/...(3...*..(4...*.*.(....,.r...p......%...%...(/...*...(5...*.(....,.r...p......%...%...%...(/...*....(6...*.(....,"r...p......%...%...%...%..

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.Abstractions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30368
                                                                                                                              Entropy (8bit):6.358848401482909
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:iVZvGPhQTlrYouV5vE+YlOjqmfQ4vWOfRWWTb2HRN7UI+R9zJKimp:Y+5QqnV1Zb/H/i3i9zEp
                                                                                                                              MD5:359E71422CF209C524C1FDA14A400CFA
                                                                                                                              SHA1:36D5E29FBD2A6F9E5728561B45EB0BD44F8C449B
                                                                                                                              SHA-256:BEA3CF225599B05A521902E12E23DE6A2309937DFB3763CCD2CEA62AD2C4FE37
                                                                                                                              SHA-512:A73CCA5795940F21BB1ED91CD764F35D81FAA350EAA31B08CD450B753F9C305A9B31525938F23D1DC4DEFE0F472B20A0E2E1A911AC4DCB1494AD88D03794F27A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..@..........~^... ...`....... ....................................`.................................+^..O....`..T............N...(...........]..T............................................ ............... ..H............text....>... ...@.................. ..`.rsrc...T....`.......B..............@..@.reloc...............L..............@..B................_^......H.......p*..8/...........Y.......\......................................*.-..(....*..s....z..( ...,..-..s....z.r...ps!...z.*.~....*..0..........(....,..*..(.....o"......&...*...................0...........(.......(#...-..,..*.*.(....,.r/..p......%...%...($...*..(%...*.(....,.r/..p......%...%...%...($...*...(&...*.(....,!r/..p......%...%...%...%...($...*....('...*..,&(....,..r/..pr/..p.($...((...*..()...*.*.(....,.r/..p......%...%...($...*...(*...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Diagnostics.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35488
                                                                                                                              Entropy (8bit):6.418741106825241
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:gCuMWVBZb1alK3/uT6Bmagz9/igi9zEBk:gC6Ul0NJaFig+zEBk
                                                                                                                              MD5:95394D501F27980F2A11C37EAB609E7C
                                                                                                                              SHA1:C4AD5AD3C15818709379B384053CBC34658A24A4
                                                                                                                              SHA-256:5C83650F1C0A15C8E3831A4D48008B3BAA338505A3BE48780A3D86C2CD4662A0
                                                                                                                              SHA-512:6E27DB3770BAD9766D397F4B9317C3B2AA76198ECF0A77FCB44970EF79B65E00EE51D84306D8A05DE9A49C49D90F9EBCD7E11961627754D00979618DA5AFE7A3
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3............" ..0..X...........v... ........... ....................................`.................................yv..O....................b...(...........u..T............................................ ............... ..H............text....V... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B.................v......H........6..<;..........Hq.......u......................................*.-..(....*..s....z..(....,..-..s....z.r...ps ...z.*.~....*..0..........(....,..*..(.....o!......&...*...................0...........(.......("...-..,..*.*.(....,.r/..p......%...%...(#...*..($...*.(....,.r/..p......%...%...%...(#...*...(%...*.(....,!r/..p......%...%...%...%...(#...*....(&...*..,&(....,..r/..pr/..p.(#...('...*..((...*.*.(....,.r/..p......%...%...(#...*...()...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.FileProviders.Abstractions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22176
                                                                                                                              Entropy (8bit):6.521828925730812
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:ggH8Tv2So+MVV1CMHWs/hWuTb2HRN7TI+R9zJKhJ:ggcTvlGFtr/iMi9zEhJ
                                                                                                                              MD5:504ACFD4F683B6F4859D240C1F6CD749
                                                                                                                              SHA1:AE54915150997136F132BF61BDD9E7859F56D9BB
                                                                                                                              SHA-256:F08B1F597ABB3647AB6E844282DED763E6078DBEF6DD54B9D956CA419FAC42FE
                                                                                                                              SHA-512:A05F8507A8830AC33C45942BAE06C49A23242F35B4C01B3D677F8FEF0199C8CDBD956967BB73374BC52956D3BBFC82D422885800006C644D4C4AEA4717287239
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Pm..........." ..0.."..........JA... ...`....... ....................................`..................................@..O....`...................(...........?..T............................................ ............... ..H............text...P!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............,..............@..B................+A......H.......T#.............. <..@...`?.......................................~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....( ...*..(!...*.*.(....,.r...p......%...%...(....*...("...*.(....,.r...p......%...%...%...(....*....(#...*.(....,"r...p......%...%...%...%..

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Hosting.Abstractions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):51360
                                                                                                                              Entropy (8bit):5.876621282473849
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:G1xwFY6xnU7GjPb6vXCMVOm4e+X9CzJ67Mo7tKoV2nwsyQYvZt164yCmi3FbTojf:FFJnU7GjPb6vxWFvTbTojVi8zz
                                                                                                                              MD5:AE682F374A15699EDDD7399ED9584370
                                                                                                                              SHA1:0E6060C65E140E033C18C683FEB5AA7833B1C119
                                                                                                                              SHA-256:1765C6147ED43B7CE3C0E98DB3367791A3821DEF124775015BDCE6278F9295C5
                                                                                                                              SHA-512:79C2967DCD369513ECC160F7C700886DC15D318D662A2F035CE78567600654A414B6E2394A702B383284ABD8283D1E1B29F22D21F2D452ECDF6EF252A9DC1176
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....:..........." ..0.............".... ........... ....................................`....................................O.......8................(.............T............................................ ............... ..H............text...(.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B........................H.......P/..................H...D.......................................*.-..(....*..s"...z..(#...,..-..s"...z.r...ps$...z.*.~m...*..0..........(....,..*..(.....o%......&...*...................0...........(.......(&...-..,..*.*.(....,.r/..p......%...%...('...*..((...*.(....,.r/..p......%...%...%...('...*...()...*.(....,!r/..p......%...%...%...%...('...*....(*...*..,&(....,..r/..pr/..p.('...(+...*..(,...*.*.(....,.r/..p......%...%...('...*...(-...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Http.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):88736
                                                                                                                              Entropy (8bit):6.151774471231546
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:w+TqBUaumtB8dThJyB8Hy1Uf1p33YpyEflX6YZH265djWtniNhzULk:w+b9dThRH7P33YpyEfgYZH2YxCGhYg
                                                                                                                              MD5:555F5E416BDA76F156E9FFEEA6ED19DE
                                                                                                                              SHA1:84E55F0F94908B1FF404C063F49719AAD96E9CA6
                                                                                                                              SHA-256:D2D48C083B235E50D7FDE369930131D6CB2941C2C6EC727958A23D45E8048B55
                                                                                                                              SHA-512:0C88622CE589328EF335201CEDDC3ADDA9F4FE748A58BF4DF589D6FA546BDB217F5CC4FB5F304C8E26601B8F5F35CD5E01EA690A2E1FA616ED85B66CD7401FD8
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../..........." ..0..$...........B... ...`....... ...............................7....`..................................A..O....`.. ............2...(...........@..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc... ....`.......&..............@..@.reloc...............0..............@..B.................A......H.......\p..............d:......D@......................................*.-..(....*..s+...z..(,...,..-..s+...z.r...ps-...z.*.~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(/...-..,..*.*.(....,.r/..p......%...%...(0...*..(1...*.(....,.r/..p......%...%...%...(0...*...(2...*.(....,!r/..p......%...%...%...%...(0...*....(3...*..,&(....,..r/..pr/..p.(0...(4...*..(5...*.*.(....,.r/..p......%...%...(0...*...(6...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.Abstractions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65184
                                                                                                                              Entropy (8bit):6.263794299281806
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:Uz7ouSrbVozuvi53ReiJd/zk6cuAJU/JJeUuvBtkJJQiH2hsm+YY/iDHji9zVN:vuoVozugRhTeU+AQ5+Ywi/+zVN
                                                                                                                              MD5:F48C45D592355ECC709677347E7F053D
                                                                                                                              SHA1:3E39AB7134F3FF4D1747E2FD46734826DE4787E8
                                                                                                                              SHA-256:29E6BFAF5CE079AD4D70DC547D966038992A7428DF6E726084EB9010EC837715
                                                                                                                              SHA-512:7F0A48988377A1DCB49B4A56A897C05F70EAD34A08788CE8584BE0C326B3DEBE56CB8E7225710AEE5E676C02A0D1C4A51160056B98189ABDAF2CFD9B4A61E4B2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~............." ..0.................. ........... .......................@......uV....`.................................G...O........................(... ......<...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................{.......H........Q..`...........................................................*.-..(....*..s1...z..(2...,..-..s1...z.r...ps3...z.*.~....*..0..........(....,..*..(.....o4......&...*..............!....0...........(.......(5...-..,..*.*.(....,.r/..p......%...%...(6...*..(7...*.(....,.r/..p......%...%...%...(6...*...(8...*.(....,!r/..p......%...%...%...%...(6...*....(9...*..,&(....,..r/..pr/..p.(6...(:...*..(;...*.*.(....,.r/..p......%...%...(6...*...(<...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Logging.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):50848
                                                                                                                              Entropy (8bit):6.353702619663818
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:SbyNvwqX2LvG84aSFWZNSYv6VmTygGPSikiw64yw64Ibdez7+Rs7XTfWDs/idaiy:nd2C9a2+EYYbgGB4ImYYWDMida+zET
                                                                                                                              MD5:5D938DC7EA664A133622C549C75F34F9
                                                                                                                              SHA1:31BE5DA67B58F47282F4581A587BB39D9CBC17E7
                                                                                                                              SHA-256:4330A5EFE9D110AFB7F8E567D5B43EEE976E0F7F6802D13A211B65D747529179
                                                                                                                              SHA-512:B38899246011715224C32ECB6CCB41C4FA338AA32A72C3AC20DA8E1FDA4A2237C5812B1CE6A4F327F2EBFD878F7A25CDF6C2EA60315FDA8469D15E0DCBF5D57D
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t.0..........." ..0.............Z.... ........... .............................. .....`.....................................O.......(................(..............T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...(...........................@..@.reloc..............................@..B................9.......H.......lD..pi.........................................................*.-..(....*..s....z..(/...,..-..s....z.r...ps0...z.*.~....*..0..........(....,..*..(.....o1......&...*...................0...........(.......(2...-..,..*.*.(....,.r/..p......%...%...(3...*..(4...*.(....,.r/..p......%...%...%...(3...*...(5...*.(....,!r/..p......%...%...%...%...(3...*....(6...*..,&(....,..r/..pr/..p.(3...(7...*..(8...*.*.(....,.r/..p......%...%...(3...*...(9...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.ConfigurationExtensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22688
                                                                                                                              Entropy (8bit):6.494196986897325
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:wvKGKA3a66KxTfdzWzP0W6Tb2HRN7A6aR9zrLJ:iKG/L1c8/iA6W9zXJ
                                                                                                                              MD5:7614FB667570CEFA80663BED67A296C0
                                                                                                                              SHA1:6BC007EF8B70222FF136A7EC4D0B96741FF0A9C8
                                                                                                                              SHA-256:B9EA7BB70BFECF5C649F2559300FCE232729257CFDB4221DC96F1EA778227353
                                                                                                                              SHA-512:FE26B2AF3ABFF2F966F163899A669D58B916CF983FAF9ADD5D4A1626ACB5EEDCE6D167725C679BDF7068A95E7F9E1F70E8BDFF916FF711FB45DEEBD192DE5739
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J/..........." ..0..&...........D... ...`....... ....................................`..................................C..O....`...............0...(...........B..T............................................ ............... ..H............text....$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc..............................@..B.................C......H.......t#.......................B......................................*.-..(....*..s....z..(....,..-..s....z.r...ps....z.*...~ ...%-.&~!....."...s#...%. ...(...+*..r/..p(.....o$....o%.....(...+&.*...0..P.......s&......}'.....}(....r/..p(.....{'...rM..p(........)...s*...o...+&.o$...(...+&.*6.~-....(...+*....~....%-.&~/.....0...s#...%.....(...+*:.~-.....(...+*..rq..p(.....r...p(.....(1...&...s2...(...+&....s4...(...+*6.~-....(5...*..(6....r...p(......}7.....%-.&~-...}8...*..{

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Options.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):64672
                                                                                                                              Entropy (8bit):6.306907052113454
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:GahqHoZX+NmzYUGrCUidKHPhwMEyBoXeMi0zy:GYXfFGrCLQvhwME1XewO
                                                                                                                              MD5:2F6F0C47136E38C0587D70B71D1B14FE
                                                                                                                              SHA1:67BB0AF9A1AD1B273D3C2D7BE753DDF4656FE38E
                                                                                                                              SHA-256:5F9B0E589F1CE9CA656588CD92CC0BD53803FDFAD258FB2916AAA14AEDCE682C
                                                                                                                              SHA-512:2E15CB0F2F9934AC849C965B663F25B6FB15C4CE3BF674B693E481B92679E48AF5F4013AFDA69595F0E3308803632578579BD45E01CA54037949C9F42B94367E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....u..........." ..0.............Z.... ........... .......................@.......1....`.....................................O.......H................(... ..........T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...H...........................@..@.reloc....... ......................@..B................9.......H.......LJ..............................................................*.-..(....*..s-...z..(....,..-..s-...z.r...ps/...z.*.~....*..0..........(....,..*..(.....o0......&...*...................0...........(.......(1...-..,..*.*.(....,.r/..p......%...%...(2...*..(3...*.(....,.r/..p......%...%...%...(2...*...(4...*.(....,!r/..p......%...%...%...%...(2...*....(5...*..,&(....,..r/..pr/..p.(2...(6...*..(7...*.*.(....,.r/..p......%...%...(2...*...(8...*.(....,.r/..p......%...%...%.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Extensions.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):43680
                                                                                                                              Entropy (8bit):6.298455087782778
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:CKEGbmbB0QERF7v6EtkKS+1ke97a1O33ttBOP7yW5yfyqTuia+15OFyx/iCL9zRv:CpGe0QERFhkKSM7ag33ttBOP7yVfHTuu
                                                                                                                              MD5:F45226E320F41097397B1BA7468C2D1C
                                                                                                                              SHA1:1181845C7D16AC4C525EEC67EC3A6DCFAA78A433
                                                                                                                              SHA-256:446FF16E903E7479558816E213A3ADEE9A1C1ADAD65A56D853801B10933E29D7
                                                                                                                              SHA-512:417466F57FA8C6D942BE5D86B14DA5915D507DFBD7AA8D2700B4DD79A9668897A6A6ABAAB225BE45076BDB8D86CCF4777BB3C699B4002A081E4407604F4E2F87
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...7............." ..0..v............... ........... ..............................u.....`.................................?...O.......l................(..........H...T............................................ ............... ..H............text....t... ...v.................. ..`.rsrc...l............x..............@..@.reloc..............................@..B................s.......H.......d<..LP..........................................................~....*..0..........(....,..*..(.....o6......&...*...................0...........(.......(7...-..,..*.*.(....,.r...p......%...%...(8...*..(9...*.(....,.r...p......%...%...%...(8...*...(:...*.(....,!r...p......%...%...%...%...(8...*....(;...*..,&(....,..r...pr...p.(8...(<...*..(=...*.*.(....,.r...p......%...%...(8...*...(>...*.(....,.r...p......%...%...%...(8...*....(?...*.(....,"r...p......%...%...%...%..

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Net.Http.Headers.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84656
                                                                                                                              Entropy (8bit):6.104731794366798
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:5UsS7gYQlkBzY9wKFDf9gp8GhZf/fQRfqVxzQ:5VSzQlkBzY7Dl3GhZf/4Rfqv0
                                                                                                                              MD5:81F3FCEFCA786D05EC6439F4CD318E69
                                                                                                                              SHA1:6C9EA381829CBE6911D805ED8D3B1A7AE7E6A0A7
                                                                                                                              SHA-256:68EAF9FCAA6B1EB38218E3422CF4C25890DF4B35CE35596320FBC333C8D64261
                                                                                                                              SHA-512:8B8281C0FEF2AD1FFB71BA538DEDB60AD7F5855DC4F52A3CD6A03A5BE15C967E8611AF362F2EF654CB901E5CFD81362552D5C4F5A25E2CFF2F98B321018E43DA
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............6... ...@....... ...............................]....`..................................5..O....@..............."...(...`.......4..T............................................ ............... ..H............text...P.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................5......H.......T.......................P4......................................"..( ...*....0..................(!...-..J..("...3..(#...*..J.(#.....(......,..(#...-..*...("...3..(#...,...T.(#...*.....o$.....-..*..X....(#.....(......,..(#...,..-....(".../..*..T........*..(%...*..{....*"..}....*..{....-..~.....s&...}.....{....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.VisualBasic.Core.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1247496
                                                                                                                              Entropy (8bit):6.749189355212915
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:msvjzOPj/l85S+MfS/eOUCxRepC36Rk3iR/FqUx:msvjzOP7yGfS/TZd3iH
                                                                                                                              MD5:C55D2642BCC8587C7983BB25A0B50E4A
                                                                                                                              SHA1:D31227E6C76CF60A1443DDD3BAEAED595CA0A7B1
                                                                                                                              SHA-256:DBDC747FCC5C2D271B8820D3CD87B24CD5D6B98FC5482741C60B3E4D22731293
                                                                                                                              SHA-512:87457898094D61374608B5CF3196BE937C57328B9B154375B50B21401042B746C60143335672E2FC87E074C5C6B1096F27274FE76BDA03618A7D6DAF8E99F2A1
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ................................................................3.....`...@......@............... ..........................................d_.......)...........>..p...............................................................H............text............................... ..`.data...............................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.VisualBasic.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17568
                                                                                                                              Entropy (8bit):6.58983180197866
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Bku3cLGxWmHnz59QdWHTb2HRN7FTtHNsAR9zaJLj:iuMLcDz/iFRts89z0j
                                                                                                                              MD5:1FB7B99D9B43BC407AC400881057541B
                                                                                                                              SHA1:FC4A5E3954606A5D84625ADA62F9698E8640248E
                                                                                                                              SHA-256:E22B5DC581C8D8129B2B9D12CB411C2AC10D9526FD83BC66751F11210236D5B0
                                                                                                                              SHA-512:B53F3FDFA9FCAEB6510A1DD49DC71674295BCB29AA92862A6F04E0A92878A65FD039FA708AC3B54D5F1A8DDE5C17ED8FF9CC3478598DDB06FC9C13560BF9C422
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...a.D..........." ..0.............B1... ...@....... ..............................S.....`..................................0..O....@...................(...`.......0..T............................................ ............... ..H............text...H.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................#1......H.......P ..4..................../......................................BSJB............v4.0.30319......l.......#~..,...t...#Strings............#US.........#GUID...........#Blob......................3................................K.....C.................................J.....~...........b...........G...........c.....................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Win32.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15624
                                                                                                                              Entropy (8bit):6.822471426637103
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:4i2TKWh6zOpWl+gTb2HRN7/4XC4deR9zZjy6rRds4:4b6OO+g/i/4XC4dC9zZjyir
                                                                                                                              MD5:E8E7F8A5FA85E6D0C0C5852F196C4335
                                                                                                                              SHA1:2D4C331299A4DFA78F32AC42E04E179ED371E91D
                                                                                                                              SHA-256:9E19D7D3973956AAC57FAD7417973F8713C2E1710D8A3742A5B9F2C531B306B5
                                                                                                                              SHA-512:B1FB020158DB90DD97EB71554D649273B75400CF82D65957E6253CBB1BF3ED7407CC6625F61646CD9214B305C28407402341DCF377D0EB9DCFEEB1E3451A8CE4
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............)... ........@.. ....................................`..................................)..Z....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H........ ......................P ........................................o..~.?.E...\J<5......P...'......P...#..D...m{:.>o...c6U9..(..CL..Q//.JI..~f2...s.B2......%('..|.J4dB=.(.x...E.t.P..BSJB............v4.0.30319......`.......#~..(.......#Strings............#GUID... .......#Blob......................3................................................"...........;.l.........f.....!.E.....E.....>.................E...[.E.....E.....E.....E...B.E...O.E...v.............

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Win32.Registry.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):120992
                                                                                                                              Entropy (8bit):6.140435712906473
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:mnI19wrxckbGKzcNqJSvEVcULViDwiE1SCV:mfz6KYqJSvEVz3Dr
                                                                                                                              MD5:7C9C169E37065C3F3DB701C5957F0CBC
                                                                                                                              SHA1:B2712CB7A190368B4B19F2531219A1A66F7A2C76
                                                                                                                              SHA-256:15B4A69FDCA01D9C2B253BA0A50F1BF4F88FA388C4991967A0B71ABC6282EE0B
                                                                                                                              SHA-512:129E69CCBBE56CCE435A7EE2CF2C1C3E8D55D86253A1C402881983AC5112FF62C999E5844BA733F55F8CDF34CD3828BD16D8DD07195C19B3ED7FC31B5F5350F1
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...b.I..........." .....p...0............................................................`...@......@............... .......................................4...........(..........0...p...............................................................H............text...Kh.......p.................. ..`.data...a........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\Microsoft.Win32.SystemEvents.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):58632
                                                                                                                              Entropy (8bit):6.43033203991511
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:zlhyq8EIy1Q4K/TdKCvi7Z/49+GrrgGAkEDGuGP7z/iGan9zT8xdr:zlY95dKCqN/4IGrtsD6DjiGa9zTGr
                                                                                                                              MD5:54024AA290A25FE7B8EEE83F793725BF
                                                                                                                              SHA1:043B5FC90BFF04E5DC66C6290B54BB72DA9E3564
                                                                                                                              SHA-256:B3327CD3A71A4CC2A246AA5BD36C23C738D88F1724D0EA2F4F550623C9DAF55E
                                                                                                                              SHA-512:8345C75B24F4BED85F3A370B14CCE773107D06974A7772C97422808D04A238B78D111F1140F3ADE0461856FC30F82F7E45171BEBF3461F1CB7B5B697DD130057
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.................. ........... ....................... ............`.................................a...O.......d................)..........h...T............................................ ............... ..H............text........ ...................... ..`.rsrc...d...........................@..@.reloc..............................@..B........................H........>.. ...........(................................................~....*..0..........(....,..*..(.....o#......&...*..............+....0...........(.......($...-..,..*.*.(....,.r...p......%...%...(%...*..(&...*.(....,.r...p......%...%...%...(%...*...('...*.(....,!r...p......%...%...%...%...(%...*....((...*..,&(....,..r...pr...p.(%...()...*..(*...*.*.(....,.r...p......%...%...(%...*...(+...*.(....,.r...p......%...%...%...(%...*....(,...*.(....,"r...p......%...%...%...%..

                                                                                                                              C:\Program Files\WasabiWallet\NBitcoin.Secp256k1.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):117248
                                                                                                                              Entropy (8bit):5.870148256131332
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:B/k4o6Q1Kk0dAcsyM8DF4JVrjCQLalm8DOP2k4yHtsGUxkzPqXkNMcGW6y1d0mp:DQMdM/Jx9HtsGUAukNMhW6yXdp
                                                                                                                              MD5:979538F5BD72E19202B5C38B636662B7
                                                                                                                              SHA1:A42BDA67CC31E38DD637D754C92586E9BB852697
                                                                                                                              SHA-256:B58DC40DFDEFFD9D5EB4AEC162F7DC73B23FA576C3A2B40749CB23A11DE3FA04
                                                                                                                              SHA-512:87318F4E5F9ABDE25A717ACE9EEE4C4CC6D296652368A5D0921A272A596C1B4BBE8E2F1346023C67438FAD535D8CFBC9FAE1599CF84A05D7F182A27CF7D0E98F
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...aM............" ..0.................. ........... ....................... ............`.................................l...O.......|...............................T............................................ ............... ..H............text...@.... ...................... ..`.rsrc...|...........................@..@.reloc..............................@..B........................H.......H1..@.............................................................(....*^.(.......1...%...}....*:.(......}....*:.(......}....*...0..>........|^...(........(......(....-..+..R.|]...(..........(....(....*...0..T..........(......(....-.........*...(....G......(....G...........*....(....G....(....-..*.*~.(......q"...}......q"...}....*.0..7..........sn.....,...Q.*... (......sn.....,...Q.*.....s....Q.*..|.....(~....|....... (....(~...*....0...........@.1......( ...(.....*..

                                                                                                                              C:\Program Files\WasabiWallet\NBitcoin.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1533440
                                                                                                                              Entropy (8bit):5.846903307178893
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fKEowL0Ln+ng8IJ21JKQzw2g7xo3cSO9vBo5dc:fMtr5UkYcSO9v
                                                                                                                              MD5:C3DC67AAD0175D173E147979EED1FC14
                                                                                                                              SHA1:E395B2D6BA1E6350FFAF0121904BEEA9C041D7CC
                                                                                                                              SHA-256:849197CC21C721EF40AD21ADBACF3165E54C934493A739F261E43DBE54E78586
                                                                                                                              SHA-512:6A4800D7FCF956FB6279B9C0B4504A229BE6B8EAB102614492251A9101D69261790642CF37D9A34EB037D49EBF5BA894B5C6252DAD88905C908419982E5CD2BB
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...v.(..........." ..0..^............... ........... ....................................`.....................................O.......................................T............................................ ............... ..H............text....]... ...^.................. ..`.rsrc................`..............@..@.reloc...............d..............@..B........................H...........dR............................................................{d...*..{e...*V.(f.....}d.....}e...*...0..A........uv.......4.,/(g....{d....{d...oh...,.(i....{e....{e...oj...*.*.*. .... )UU.Z(g....{d...ok...X )UU.Z(i....{e...ol...X*...0..b........r...p......%..{d......%qO....O...-.&.+...O...om....%..{e......%qy....y...-.&.+...y...om....(n...*..{o...*..{p...*V.(f.....}o.....}p...*.0..A........uz.......4.,/(g....{o....{o...oh...,.(i....{p....{p...oj...*.*.*. .o. )UU.

                                                                                                                              C:\Program Files\WasabiWallet\Newtonsoft.Json.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):695336
                                                                                                                              Entropy (8bit):5.949751475248509
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
                                                                                                                              MD5:916D32B899F1BC23B209648D007B99FD
                                                                                                                              SHA1:E3673D05D46F29E68241D4536BDDF18CDD0A913D
                                                                                                                              SHA-256:72CF291D4BAB0EDD08A9B07C6173E1E7AD1ABB7AB727FD7044BF6305D7515661
                                                                                                                              SHA-512:60BD2693DAA42637F8AE6D6460C3013C87F46F28E9B0DBF9D7F6764703B904A7C8C22E30B4BA13F1F23F6CBEE7D9640EE3821C48110E67440F237C2BB2EE5EB6
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..t..........N.... ........... ....................................`.....................................O....................~..(........... ...T............................................ ............... ..H............text....s... ...t.................. ..`.rsrc................v..............@..@.reloc...............|..............@..B................-.......H........p................................................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{Z....3...{Y......(....,...{Y...*..{[.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

                                                                                                                              C:\Program Files\WasabiWallet\QRackers.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):346624
                                                                                                                              Entropy (8bit):6.1969932881782155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:edhjFtih7u6wRLX8MiDVQRY13tssssH/76D1LtK/9isc715hl9:qhjFtE59B13tssssH/76DK9G5l
                                                                                                                              MD5:7C111B60144C5BC534CD3D9665F6E346
                                                                                                                              SHA1:AC6EF2038582F6C6449210717E15EAF171A84BEF
                                                                                                                              SHA-256:66B129F8223961F593AD2CAD780EB5F7AC5F14C43798C3CA5656172D66564B35
                                                                                                                              SHA-512:9ED48004AFC56BA87D20132CE86FB9371D69C7F53F6DC8F15C7D9DFC3095E6AAE271CD7D82A49F4CF019586F67AF80A52308E1CC0FAE4B8194DD62955F03CA30
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..B...........U... ........... ....................................`.................................OU..O.......$...........................tT..T............................................ ............... ..H............text...h@... ...B.................. ..`.rsrc...$............D..............@..@.reloc...............H..............@..B.................U......H............Y............................................................{7...*..{8...*..{9...*r.(:.....}7.....}8.....}9...*....0..Y........u........L.,G(;....{7....{7...o<...,/(=....{8....{8...o>...,.(?....{9....{9...o@...*.*.*....0..K....... 59.. )UU.Z(;....{7...oA...X )UU.Z(=....{8...oB...X )UU.Z(?....{9...oC...X*..0...........r...p......%..{7......%q.........-.&.+.......oD....%..{8......%q.........-.&.+.......oD....%..{9......%q.........-.&.+.......oD....(E...*..(F...*^.

                                                                                                                              C:\Program Files\WasabiWallet\ReactiveUI.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):302136
                                                                                                                              Entropy (8bit):6.501923960364023
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:EhS8h+x/DLIYTnf7MZAbQ1LJPHTCtCCpAluReOAfNxqzSFQpGMMIv+v0vfvjvqvK:EhS86DkWNtZelksFxtiz9V1or72
                                                                                                                              MD5:CB35EE743A0D1CB032849A15824F3EB1
                                                                                                                              SHA1:653EF07DAB4C2903E7E674BEED0B970E6113373B
                                                                                                                              SHA-256:620B8AEB14CDD6143D3FCB5273AF510CD898E50B08B6DD717BA124EB64E77BB5
                                                                                                                              SHA-512:70373145D0AA17DE57CAA2D39D0D04080905EEACFE99C51CC3810630C7C3B516C500A7196284161A9E3C90F27FEC6166291BA78B185ED4C6C639C49BBB7DB16A
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....hk..........." ..0..j............... ........... ...............................v....`....................................O....................r..8*..........8...p............................................ ............... ..H............text...4h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H...........@.............................................................{"...*..{#...*V.($.....}".....}#...*...0..A........u........4.,/(%....{"....{"...o&...,.('....{#....{#...o(...*.*.*. A.(. )UU.Z(%....{"...o)...X )UU.Z('....{#...o*...X*...0..b........r...p......%..{"......%q.........-.&.+.......o+....%..{#......%q.........-.&.+.......o+....(,...*..{-...*..{....*V.($.....}-.....}....*.0..A........u........4.,/(%....{-....{-...o&...,.('....{.....{....o(...*.*.*. 4.J. )UU.

                                                                                                                              C:\Program Files\WasabiWallet\SQLitePCLRaw.batteries_v2.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5120
                                                                                                                              Entropy (8bit):4.252669798999681
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:6++l66XzBaMl04HQpcIcU1N4zOuSOiW9TWC4m6bwci0AAwna45+LsnOVjKv0vY:41aMK4wpcI/Yz1SOx9Cm6bwqAAXuo
                                                                                                                              MD5:2A5AB1913BD6F93F3CECA567AFA9718A
                                                                                                                              SHA1:60E317299AB6B93CC0F003F3507A598525D96CF1
                                                                                                                              SHA-256:E2709FDA3EE4137DCEA3398221F0AFCD6241DB0EA6FA55FD31A33610BE78CF02
                                                                                                                              SHA-512:6B4E6F244F0B9F67D50E11D932F9900F70F3D0A6579F76CDB05BB84FDB341FFF20A7B0B2D7C60F2D420B617E04B56F9F0F50CA4859F8FD927B6B2954199579E2
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&%............" ..0..............)... ...@....... ....................................`.................................u)..O....@..`....................`......X(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...`....@......................@..@.reloc.......`......................@..B.................)......H.......d ..t....................'.......................................(....*.s....(....*.BSJB............v4.0.30319......l.......#~..L.......#Strings............#US.........#GUID.......`...#Blob...........G..........3................................................p.i.....i.....V.................!...4.!.....!...S.!.....!.....!.....!.....!.........H.k.....k...3.k.....b...............k.9...........k.9.....P ............W ..............P.....P.....P...).P...1.P...9.P...A.P...

                                                                                                                              C:\Program Files\WasabiWallet\SQLitePCLRaw.core.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):50688
                                                                                                                              Entropy (8bit):5.811409220314285
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:jmOGveifSTtyXEQ3nPGLb4PFvSMJCD2j+SIfHq1wJd9P581IADm/Dskqd:FLTtyXEQ3+bO6U+dlrPi14LsX
                                                                                                                              MD5:E4823410682299E5A17619043C789EFB
                                                                                                                              SHA1:410D31CA04AF5264F265DF10DE499416225A0962
                                                                                                                              SHA-256:C33995427EDD44FA641CF702DF8B63CC82CB7054DD984DC8277D15EE7C958874
                                                                                                                              SHA-512:5DDF9C356CB813BCA2097184CB16172A6B3D70CFB17CD11216CD1268550C2C897BC0C42A6675720E334EBF150EBB3725185380BB5822D9B4D953B00EC0B21583
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,b............" ..0.................. ........... ....................... ............`.....................................O.......0...............................T............................................ ............... ..H............text........ ...................... ..`.rsrc...0...........................@..@.reloc..............................@..B........................H.......@@..<...........|.................................................(....*..(....*..(....*.......*Z~....,.*.oB...&......*.......*b~....-.r...ps....z~....*.(#...o8...*.0..........(#......o9.....(....Q*6.(.....(%...*.0..........(#........o:.....(....Q*R.(.......(....('...*:(#......o?...*N.(.....(.....()...*2(#....o;...*2(#....o<...*..o....*..o....*2(#....o=...*2(#....o>...*6(#.....o....*...0..........s"......}"....{"...-...+....#...s.......(1...*6(#.....o....*6..(....(3..

                                                                                                                              C:\Program Files\WasabiWallet\SQLitePCLRaw.provider.e_sqlite3.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35840
                                                                                                                              Entropy (8bit):5.714546463538803
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:AUgStyoSJdztp6byeOhPv/3ja9qJqayJioEE:ALStyjdz+byeOhPv/3esyJREE
                                                                                                                              MD5:458AFCDFF2D9A0A6049F56B265242B70
                                                                                                                              SHA1:B64695DD2DCEA382ED057406109B16CC00C942ED
                                                                                                                              SHA-256:66A5EA09AA318F9A05093C28ED19D3EB2491D8C3710FF5FB622B8902AB866CE8
                                                                                                                              SHA-512:61740483E01B96FF24314911EB2FB5C19FB6F66F41A2583810980458A00557456537D0A1F50C2530AA3B22BE87C67466A649CFBD6E9764539574A2C15EC10805
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F&............" ..0................. ........... ....................................`.....................................O...................................x...T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........3...k...........................................................r...p*2...(.......*N........s....o...+*..*..0............(........(....*....0............(.........(...........(....*...0..>.........(.........(........(...........(....(.........{.......o9...*..(....*..(....*..(....*"..(....*&...(....*..(....*..(....*>.(.......o....*....0..I........,...........s.....+.......s.......(.............(.......(.........o....*....0............(.......(....*2.(....(....*....0..

                                                                                                                              C:\Program Files\WasabiWallet\SkiaSharp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):432560
                                                                                                                              Entropy (8bit):6.16879777229381
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:7wja0CcoFzL/+HZA8GqBeDwMMRuTAFicmKda/Mh+jDU9RJZqet8gdZvvCNqrzz6c:Dv+HZpRpNnHzznS6
                                                                                                                              MD5:7431676C90A5D584D50C8F209DEA9DFD
                                                                                                                              SHA1:4850CFE7EED29961C3E2C507DEDF94C57F4476F2
                                                                                                                              SHA-256:6C38973434C742D65A0E2B82C6F5471E53EA1D85FB0CA058274ECD4F7D51B839
                                                                                                                              SHA-512:2C209DDAC57A018E2C0526C3FEF9808AF5A183B79CCAFC7BF561228A261E6F68A6329C25D31D71AA9044736629B758BD6BCC30B4AC80168EC126822242EFE4E8
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..h.............. ........... ...............................g....`.................................w...O....... ............r...'..............T............................................ ............... ..H............text....f... ...h.................. ..`.rsrc... ............j..............@..@.reloc...............p..............@..B........................H.......\....n..................(.........................................(*...*..(*...*..(+...*.0..6........-.........~,........9....*..(-..........q....(......*..-.........~,....*..(-..........q....(.....*..0..6........~,...(/...,............9....*..(0.........(1....9...*...0..B.......sE......}......-..{....+..{....s2...}.......F...s..........(.....*...0..,.........(...+..o......u......-...9...*.o3....9...*.0..-.......s4......}5.....}6......7...s..........(.....*....0..4...

                                                                                                                              C:\Program Files\WasabiWallet\Splat.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):140856
                                                                                                                              Entropy (8bit):6.1991271558845815
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:Da6G6S1CWK2i4VUi+6qWFWe2Kyg1US6OaSV/vDLJXv2T5609jkSUhp8fmVLxTgBu:Da6G6S1CWK2i4VUi+6qWFWe2Kyg1US6e
                                                                                                                              MD5:5378F7B03620F7ED4275AC5D73FB86C0
                                                                                                                              SHA1:F98D97BEFAAE1AE852E01E8898FD720A88689A11
                                                                                                                              SHA-256:626E82D8797EAE368DC11347DF2425D3F9860FCA8BA52DF741139895DFFA92A5
                                                                                                                              SHA-512:95069EB1F33DCB28DD212D08CFA5906A03346506444979AEE32BD517246514D4C443A8511A203D0361671F3A6643D3A15B76CC58FA8563BBA9EAFD538AD2C654
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l............." ..0.................. ... ....... .......................`............`.................................S...O.... ..L...............8*...@..........p............................................ ............... ..H............text........ ...................... ..`.rsrc...L.... ......................@..@.reloc.......@......................@..B........................H...........|9............................................................(....*^.(.......H...%...}....*:.(......}....*:.(......}....*V!..~S0e...s.........*.0...............(......o......-..........*..K...%...o....r...p(....~ ...o!....%...o....r...p(....~ ...o!...r...p~ ...o!....~"...%-.&~#.....$...s%...%."...(...+(...+....+7.......r...p..o(...()....(*.......,...(+........*...X......i2..........*:.(,.....}....*.~Q...%-.&~P.........s-...%.Q...s....*..|....~R...%-.&~P.........s

                                                                                                                              C:\Program Files\WasabiWallet\System.AppContext.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.734786449939345
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:DYjixAdNWLzI7WoBuWXebPpUNTQHnhWgN7a8WpbTseUfX01k9z3A/mE16jl:DkokNWLzI7WWTb2HRN7u/6fR9z+mE1W
                                                                                                                              MD5:4B300B88A490B4B48973CE8043F25BEC
                                                                                                                              SHA1:B41F8DC5B5AED4C9111F6D19C2773E3A49732B17
                                                                                                                              SHA-256:D9E7FEC4DD46BABC532D321F7BAE0E460861105BD02A2F7D534C4BBD7BBCA37B
                                                                                                                              SHA-512:46BDD4AD5BFD2143DA1294ED0FDC485C5EC4868E33D859511B2F026E3E40D650D0A826EDEC2E056AFD1B31EC008F0A755B6032211025895EBD0B19C5CBE929F3
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..............(... ...@....... ....................................`..................................(..O....@..d................(...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................('......................................BSJB............v4.0.30319......l.......#~......<...#Strings....H.......#US.L.......#GUID...\...|...#Blob......................3......................................................x.....3...........^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Buffers.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.724626706065687
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:2ChWBzX2Wz8Tb2HRN7AyDX+iR9z34K7bQ:27Xb8/iAyDuO9zIp
                                                                                                                              MD5:D58D36ECE74FC192598DA7C11F511FD2
                                                                                                                              SHA1:DA145EEAC672C03C0FC496B2F83171E5AB0D2673
                                                                                                                              SHA-256:AF9E60053FD40BC263F61E0A83CCB81A816B334567D0EDC81170E02D806BF494
                                                                                                                              SHA-512:3B7FCB01DDA0E9E2E94E8D9F497C8138C5765DA3EA03C3AE28C31B203558AC951A86637E94E4E5DC23F30325B973263BC08CF570FE3306AB4BC3769E5B4513E9
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2l..........." ..0..............(... ...@....... ...............................p....`..................................(..O....@..T................(...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................('......................................BSJB............v4.0.30319......l.......#~......@...#Strings....L.......#US.P.......#GUID...`...x...#Blob......................3............................................................?.....!.....j.....%...........U.....k.....:.......................!.....S...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Collections.Concurrent.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):276752
                                                                                                                              Entropy (8bit):6.734984449636032
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:ObH8+KHncm1xa3BvGFehyhyO2mibc8wXDG:IPCncm1xakhD2tbVES
                                                                                                                              MD5:0A5C38DED0F41CB3C4526FCA519D5A4F
                                                                                                                              SHA1:CB0690850AB8E09A35B2E18477595FA8C726058C
                                                                                                                              SHA-256:3F985CC7157258D26AF3D25AC087D04320A5E12A975AF1902416B6B90B9FD8A1
                                                                                                                              SHA-512:48FD97AFDAF7A2E5F036C2B4A79FF263DBDFB66BCA31CC80EA32D239572D60C7109FD851F7E444E71CC9E52A83065DB8F1E227EC0D4EE5F6D7C5FB9480E29C70
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...B;............" .........P......................................................*.....`...@......@............... .......................................n...........)..............p...............................................................H............text.............................. ..`.data...h=.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Collections.Immutable.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):837792
                                                                                                                              Entropy (8bit):6.722715547698501
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:lrJR+uRoPwKAeN8/98vTU4dQEE3k0T9YLVgHr4lu2vUgllggr:V+uG8abw+CMlb7ll9
                                                                                                                              MD5:2C89215F2717BF9BEB6B61A0C601F653
                                                                                                                              SHA1:B5FB11ED85E2B7800B139D10384E6C9E78105BD9
                                                                                                                              SHA-256:981B6F702C8DF0D03DD9C4FBBB5DDF45A14B91645D8EAB4B399D22C5D14B1FB0
                                                                                                                              SHA-512:22708A99DE81AE3C9ADB0A80FE042B72A3590C7FFBABC4DE5DAA55FECA4F46F8F5F56E54C6090DE6009BFDD7042FD509441087AB2301D9B956AC974FA86D19CC
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...u.B..........." .....@...P.......................................................H....`...@......@............... ..........................................Hr.......(..........( ..p...............................................................H............text...P0.......@.................. ..`.data...L$...P...0...P..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Collections.NonGeneric.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):104624
                                                                                                                              Entropy (8bit):5.948958634139885
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:upwoktJ1UcLHWsYAZwmkXjhXVrMZREnAWLUd8xz0S:upfk9vHLI1GZKAqn
                                                                                                                              MD5:BA301F507CB460CB163FAF971F91DE02
                                                                                                                              SHA1:9BFF3BDAD97F2EFD2F637E76AE5BFD5FC42D35CF
                                                                                                                              SHA-256:E2E45C82FD8D6AE3AC733329085F551DCE56E157CED7A896A2B533FDAFD81045
                                                                                                                              SHA-512:F8D42529CF0AAA054DADEA9E66ADF4640BDEEA003E08922316E04EA1D299E9B4EABF624423510BA79C6400FBF97BB8E8E40415DA45946CF8F2FE78C7A57E0155
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...;S............" .....0...0...............................................p.......a....`...@......@............... ......................................@0.......p...(...`..........p...............................................................H............text...*+.......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Collections.Specialized.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):104624
                                                                                                                              Entropy (8bit):6.019829956144924
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:myBJtht+6A0hqlJH5MC+W06201CTBUsqEiONocgO50ad01IOm/zh0:myBJQ6AgiT+WFPaiONocgOaaOh0t0
                                                                                                                              MD5:41743F17DB38FB9C61B7B4BCB6CC8A8E
                                                                                                                              SHA1:54CFE4048C7CF36D90479CCED20E60281608749B
                                                                                                                              SHA-256:D69D94357577600B0F289080FD77AA3AC8FA43E5B40C7D9B296A70C238A4EB13
                                                                                                                              SHA-512:95AD4A9FE5313E266DC6130ED49384F94169F4885E384C2C03645311D56173A15482FA6DCF6F53145028DFAE70324F62BAB0E6B2430DCA017BBED468EFAE0934
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....O..........." .....0...0...............................................p......ku....`...@......@............... ......................................p1.......p...(...`......8...p...............................................................H............text...!).......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Collections.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):260256
                                                                                                                              Entropy (8bit):6.617931236175796
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:RmXiJoXLwgtvcp1M5eRWAbQW0ryS1woXr3+O:wYCwgtEzweMiD0rGqT+O
                                                                                                                              MD5:EE31E3A33F2CFF6A3014B8AB7FCA6CBF
                                                                                                                              SHA1:FD96795D65D8441ECC3DAEED0456F6EC7ABE9D71
                                                                                                                              SHA-256:D147E0163B1BDB3989B98C81D7F4302F222A56504A3E1C54BB4A7B1D81757307
                                                                                                                              SHA-512:3CC966D698F0F187B3DEA88C45405402C4D0400C035C10B8A1BCB40F4563F87CD134FDB70645EF24481EAC6D1D3D568D084A993550AD4F563DFD6525FEA42BB0
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....k..........." .....p...P.......................................................W....`...@......@............... ..................................p....Z..8........(..............p...........................................................p...H............text....g.......p.................. ..`.data....>.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.ComponentModel.Annotations.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):198816
                                                                                                                              Entropy (8bit):6.273936640530639
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:28J/qqpvO5XAf15PGudCLoeOiP7SycspFmMWParD5/oE5bF6HZ/AOblV:2iCyv7f1gp9ZZpFzWParK/AObL
                                                                                                                              MD5:4AD85BDA5BAA3CFB211026AF818201A7
                                                                                                                              SHA1:38B663943A08DE22EA56641398CEFD3FC56F99D8
                                                                                                                              SHA-256:21AE686A1653DA15208BF96D406E8DFB8E7ED4D49C57AE791719359B4017FF83
                                                                                                                              SHA-512:EABE1531D5702E8A5663219FDF9E4BA50EA21256FCD619EB7D7D1527CF31571777892E7D3BCCA7BD144D5BE10C6238A3E13A798FC1E9E2193BCD6BD4B8A41DB1
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .........P......................................................RO....`...@......@............... .......................................I..d........(......H....!..p...............................................................H............text............................... ..`.data....9.......@..................@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.ComponentModel.DataAnnotations.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17184
                                                                                                                              Entropy (8bit):6.670918091162033
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:MpmblJeIeGXxQ6OlPW7zsXWyO5kHRN7/5xNbZR9z8s3F:MLIhsXnTFT9z9
                                                                                                                              MD5:FB820E52017CA1DACC9855D374016470
                                                                                                                              SHA1:4EE260756036B07100C94FF60249BBC953AE095C
                                                                                                                              SHA-256:AB17A0DFF9FCF9AA9D3F0E0BEA43B8CE1EF1A16951D2E2979DC32575480ED520
                                                                                                                              SHA-512:DEF3C97C73F35FE5D573B1BA8321577F072C41C4A34B73B5F530C8E6D7B699713D0508BDC7964C343E4628DEE551405CDBA5653E1137DC9569C89CC5685DCF9E
                                                                                                                              Malicious:false
                                                                                                                              Antivirus:
                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5s..........." ..0.................. ...@....... ...................................`.....................................O....@.................. )...`.......-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H.......P ...................... -......................................BSJB............v4.0.30319......l.......#~..l.......#Strings....,.......#US.0.......#GUID...@.......#Blob......................3................................+.....S...........................3.......9...O.............}.........}...........$.....A.....d.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.ComponentModel.EventBasedAsync.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):47264
                                                                                                                              Entropy (8bit):5.330095835600049
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:WBNjqoYkaBv688IVXjXL/iUrDuO9zItAA:WBpqdka9V/X77iUPzk
                                                                                                                              MD5:8E3D0046A4230D30D222BFAE0897DB36
                                                                                                                              SHA1:92C970690DBBD8F795B2EDA8E299CE029A525196
                                                                                                                              SHA-256:125C0D801024C8ED33B40E23F87D15EB4E251A37191BE7BE871B3AB3E442C9C6
                                                                                                                              SHA-512:621886E427406C4D4B1DEBC0FED27416BCCF0144437F5C0D34A02AE51947E2B02F4493BADA5585FD5AA47D9C4814C6C5127B2E4E11F6ED7E729ABFFB17FD6587
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....j@..........." .....`... ............................................................`...@......@............... ...................................................(..............p...............................................................H............text....W.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.ComponentModel.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):80032
                                                                                                                              Entropy (8bit):5.840415213041058
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:zOk4czT4vhd+Cv8A/oqZvD2olsNrbkt7i8Nzo:zOk4b+S85qxD2omNr0E
                                                                                                                              MD5:6D9591B131290D9246934B82204FCF0B
                                                                                                                              SHA1:96A584564466B25B659BD25D01D894AF04AC7387
                                                                                                                              SHA-256:BAF7603759D41DA0E2524C5E406E98986DF5859E16FF9B168ED384680FCD6FF3
                                                                                                                              SHA-512:317DCE65E359107240ED08F7350332479393C6C7E13A11589B6CE2AA4D265D7DD0647E0504A4E724B8FAAB7FAF2759D8297E62CDCF847247A349D6BB24D49BD8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...2............." ......... ......................................................G.....`...@......@............... ......................................4&..X........(..........p...p...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.ComponentModel.TypeConverter.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):743712
                                                                                                                              Entropy (8bit):6.660626323113966
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:14nofLVRPb4AId4ktGEAlo5sMSEWR6h374Y1MpBiXxDyPzF1zIeHe1WDeb:qoffb4AId/GEAlo5sMSj6UAMpBiMP5WF
                                                                                                                              MD5:1327253329CB7C102C645CC90D39E7CC
                                                                                                                              SHA1:C37073668E9D1247A876802D295425CECAEBF101
                                                                                                                              SHA-256:799AC906884C67BF255F43A07BAECC9698F1321532B20D669ABE514F917AB43D
                                                                                                                              SHA-512:6A54CA9F39611E00D7D3C88F882C51AF3F86D8C02E15DFD5A0D6F94D08B3536FB014A5387B81229FAC853551B2D2E27418AF164A5F2A8D0A755DCAFD2FF1FF16
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...................................................0............`...@......@............... ...........................................X...0.. )... ......`<..p...............................................................H............text....;.......@.................. ..`.data........P.......P..............@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.ComponentModel.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):31000
                                                                                                                              Entropy (8bit):4.321072390933744
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:fWhzy1Wgqq9c+c0AMn5kHRN7N62IR9zgqtoDF:8ygxTU9zXaDF
                                                                                                                              MD5:6ABED55D13206A4DDA5881CED49600D7
                                                                                                                              SHA1:A88452054A3ACC362BFBDA6D90A3418C57CC5C1E
                                                                                                                              SHA-256:AE146E9F639706F5E55E3074C307A34714B419E8FE02AEBA0F91221BB47F10A0
                                                                                                                              SHA-512:3BDACD7322BFE15EFCB37ED0C709231E3F4202B35818345F6B46B94F48460CAD828535B56F51B5836FC30C9B08AD0F136F9ADE4BA1BDBCD0CCE31277A01334D2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...v.F..........." ..... ... ...............................................P............`...@......@............... ..........................................0....P...)...@......0...p...............................................................H............text...1........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Configuration.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19736
                                                                                                                              Entropy (8bit):6.496965965991352
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:1MXTSv/fUNRvGZYdf3zyP/weK+JHJWazKNW/5kHRN7WNKRWMSR9z95k:8QKcK/gKxe9zfk
                                                                                                                              MD5:111F28697F726E8F75E881859B9A66C3
                                                                                                                              SHA1:D205406EC6EED5E2BF49F8B3C56769A77F1A0B04
                                                                                                                              SHA-256:A2321C5428941CD85474947A852BB5EB6D47456FE1F61653821C396820D67A60
                                                                                                                              SHA-512:6FF6A32AC79F3A4B7F50AD0E732ABB16103784CCB8DD87A96AFC42716990B1C12B4B351C4E8D4D6DDAD4E51FBEE689BA6DC0FE6C643DD82C67347EB9300F6097
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|............." ..0.............v8... ...@....... ....................................`.................................!8..O....@...............$...)...`......87..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................U8......H.......P ..h....................6......................................BSJB............v4.0.30319......l...h...#~..........#Strings............#US.........#GUID...........#Blob......................3................................h.................2...%.2.........R.......b.....U.....U.....,.....U.....U.....U.....U...3.U.....U.....U.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Console.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):174352
                                                                                                                              Entropy (8bit):6.279052224583195
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:RzGeEmXezdfd6+Vfz5mDVVdwF6xARZvcKZh8SR1BB1G+L:R6e1X+fd6qwVdC6x2ZvcKy8Bj
                                                                                                                              MD5:D9EC3CE74D08FDC0C5CF15E792CA8E49
                                                                                                                              SHA1:98776FE67564035E9FBC7E61BEC4DC4664075E8C
                                                                                                                              SHA-256:D3772A0F2AB3C3AD3734BBE6F1EB11F86B25416B970043B26BABB7610E9BAD31
                                                                                                                              SHA-512:E83B500BA26293145CF7BABF804568CF3A9D0F890FC7173358EFA95F6F0E542F3602852B9FAA9ED388406074ECAE327FE7E28C39D813CA33C6157797D86CE8EC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...v]..........." .....0...@......................................................dU....`...@......@............... ..................................P....<...........)...p......X...p...........................................................P...H............text...}!.......0.................. ..`.data...."...@...0...@..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Core.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):23816
                                                                                                                              Entropy (8bit):6.297580028763317
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:US9H4Ay0l9Jr3OzFPhoact/iKMePLexkrW1rU1ZXtox9E3WizX2W2gTb2HRN7b0Q:z9H4Ay0l9Jr34FPhoact/iKMePLAxi+F
                                                                                                                              MD5:2BF49A313B91259A2F864D59FE4E4201
                                                                                                                              SHA1:DA9458CB0DC16D0B566273AC8D439E6BED0B2BCB
                                                                                                                              SHA-256:0B3032B08706F81750FD9C7535C9814C6E2C476FD33141223D1A235C96080210
                                                                                                                              SHA-512:CA0DACF156943F97AC1CD846B59E4E1CF30A6F46E49FABC1D4E4593FA46A3DF463B1ECBB632854BA023FDAB391DEE59408E5427009977BD4192B723F7E04454A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....W..........." ..0..*...........H... ...`....... ....................................`.................................sH..O....`..4............4...)...........G..T............................................ ............... ..H............text....(... ...*.................. ..`.rsrc...4....`.......,..............@..@.reloc...............2..............@..B.................H......H.......P ...&...................G......................................BSJB............v4.0.30319......l...<...#~..........#Strings.....$......#US..$......#GUID....$......#Blob......................3......................................................i.......G...........................:.n...J.t.....t...P.................C.....`...............................................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................I.....R.....q...#.z...+.

                                                                                                                              C:\Program Files\WasabiWallet\System.Data.Common.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2861216
                                                                                                                              Entropy (8bit):6.795343294554388
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:WqlMm2ml+ncGZU63k+mywJOHPxIyiNMZ62YGkO3egTxiZsc5hBhvUX1Q:TOO6Z0yZ62YGkO3egTxiZskUy
                                                                                                                              MD5:CC57370E9A3347FA48174B763DAA0ADB
                                                                                                                              SHA1:2A9F98746274AB04E8744FF724CC05F1CA0AEFCE
                                                                                                                              SHA-256:2533F2057A7257C08BB75DB2C86DE09662F9BF2AC71DF6DD548EAAE262A1952C
                                                                                                                              SHA-512:ACA29F35ABD570DF6048543FB9236BE560B4A6B961A426F0395FFC030CA83AB0465AD0B7188E1280A21D3E19A5C95572188FC4CD1E6E546E355F1843DE250C97
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....4............" .....@)..0................................................+.....=.+...`...@......@............... ..................................p.............+..(...P+..-.....p...........................................................p...H............text....8)......@)................. ..`.data........P)......P).............@....reloc...-...P+..0...P+.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Data.DataSetExtensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.643724918973033
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:toEIjWHz47WCTb2HRN7oeDX+iR9z34KuZ:toEF4p/idDuO9zI3
                                                                                                                              MD5:2C7D5F07B1B2E46EB809388E8EA8A713
                                                                                                                              SHA1:43DC4FFC4DCF60C5F5412398D476BA7837B45CC4
                                                                                                                              SHA-256:D9DE5E2F2AE07ADE1590661C8865CE39288FFE353E35196C63FA56D9B4A5A0A7
                                                                                                                              SHA-512:7296038ABC1117813EFD3563002AE32AB39102DFE161BDCC0039CF4990EEED16638FFCE2473A6F0BC2873EAC719DF64B6E0965B0F203EDFCC817767F4EBD66A5
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T............" ..0..............*... ...@....... ..............................X.....`..................................)..O....@...................(...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................8(......................................BSJB............v4.0.30319......l...0...#~......@...#Strings............#US.........#GUID...........#Blob......................3................................................E.............|...............i.)...'.).....".....)...~.).....).....).....)...e.).....).....E...........v.....v.....v...).v...1.v...9.v...A.v...I.v...Q.v...Y.v...a.v...i.v...q.v...y.v.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Data.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25352
                                                                                                                              Entropy (8bit):6.285394597541298
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:B/AAaFiTCmM82SuxDJQh/WvzSFWnATb2HRN7RcTR9z9v9J:tpaFiTCm0DJQhiSUA/iCV9zV9J
                                                                                                                              MD5:5BB5211C95024A215C2C142E3175943E
                                                                                                                              SHA1:2D55B6F9450FDAFD4BD5093D0ABF24DBE9DD9F1C
                                                                                                                              SHA-256:13B54F242BA6CEEAE0F48D63C2FA0E4CB9AD57D7E713669E10B5DB14A112FF9E
                                                                                                                              SHA-512:663BB5F078721EF7A802127550BB9DDF9180FD003654AEBD505413926A7C58D75FB3FDB0A09277143956D6F0647871A59DCA12CFAB0E71152C0F1F70D4619AED
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T..........." ..0..0...........O... ...`....... ...............................n....`..................................O..O....`..4............:...)...........N..T............................................ ............... ..H............text..../... ...0.................. ..`.rsrc...4....`.......2..............@..@.reloc...............8..............@..B.................O......H.......P ...-..................HN......................................BSJB............v4.0.30319......l...T...#~...... ...#Strings.....+......#US..+......#GUID....+......#Blob......................3................................<.....H.........~.......................).r.........;.................Y.......................B....._...................#...........................).....1.....9.....A.....Q... .Y.....a.....i.....q.....y.....................R.....[.....z...#.....+.

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.Contracts.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16672
                                                                                                                              Entropy (8bit):6.667866217605059
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:SaTjtEKWnzn2WTs5kHRN7BDuNbZR9z8s:SaPtCn7pZuFT9z
                                                                                                                              MD5:E68DCDA8956CD40F543580B25206C4E2
                                                                                                                              SHA1:AFE03FB7C5B79FD8800F386E6C3963F35AD41ECB
                                                                                                                              SHA-256:8E691326034E40655DB923743DE13996894C685FF809E6B24EBD44325CCBF930
                                                                                                                              SHA-512:010C903EAC859A11D05982E2BA3C726A6A0423D7E3B791B7B1536915065E860D9C69E1B51EBEA26FAF678263DBAA3C6437BAD3D3B13404CFD8C46A95EC61F9D7
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r9............"!..0..............+... ........@.. ..............................U.....`..................................+..N....@.................. )...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ........................................ ...o.......].\..._..:. ..ycR...( ...l..%HX..R.Rk........!...=.>1..md....g.q...1"..~w..P.OkWJ....h....d.JZ....z..O.j/BSJB............v4.0.30319......`.......#~......H...#Strings....4.......#GUID...D.......#Blob......................3......................................Z.........9.........................,...5.............{.........F.............................#.....p.........................

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.Debug.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.718308046840249
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:OELxAsHWjznmWoS6juWXebPpUNTQHnhWgN7awWGXbTseUfX01k9z3A/mE2TsZ:tJWjznmWijTb2HRN7FX/6fR9z+mErZ
                                                                                                                              MD5:83585C20C43A088BAC884D883D82A433
                                                                                                                              SHA1:9B8BEB8D13A1AA81C4BF4859E4AC0664F3DB396A
                                                                                                                              SHA-256:EC753E01442371C44FD90871C15CBE038A7EFA638851CC864B04103C4C3CC954
                                                                                                                              SHA-512:94DDDD34E2D1D6168612FE7E3DA4DFC6789CF9EAE1C766D5E61F2A787B371D8310AD72F0ACDE0477A3C88F8DEF6D552123C9395F8936FF289FBF4E275CE87798
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[............" ..0..............*... ...@....... ..............................\)....`..................................*..O....@...................(...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................$)......................................BSJB............v4.0.30319......l...H...#~..........#Strings....<.......#US.@.......#GUID...P.......#Blob......................3..................................................W...R.W...g.D...w...........0.....w.......................>...........................................>.....>.....>...).>...1.>...9.>...A.>...I.>...Q.>...Y.>...a.>...i.>...q.>...y.>.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.DiagnosticSource.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):415904
                                                                                                                              Entropy (8bit):6.644489822040798
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:H8CTd8oWIaGHThgXS758epaL+d/tvjERh981bQ6ApmjExX3:HT2IaGHThwSl8eW+bjA81bQ6AEEZ
                                                                                                                              MD5:894F658441ECB9DEDC92E18EBCBFFBE4
                                                                                                                              SHA1:5B0C77FCB227ACBFF7D4C75D2C96E53771403D3B
                                                                                                                              SHA-256:8914BBD930B35FD9D775AC2A66D054B484604D569C88A0A03371C84613D55D51
                                                                                                                              SHA-512:280F80B0412112B9B9A515A5539E0EC19619C0829B0B2C075628DE1CFC22EC7758BCC77CAA6893ACB701EE7C2F2B0E036F3484313D0D6C1BE29038CD1A896287
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...5............." .........................................................0............`...@......@............... ......................................t....)...0...(... .......)..p...............................................................H............text....~.......................... ..`.data...K...........................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.FileVersionInfo.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):47368
                                                                                                                              Entropy (8bit):5.382059699863941
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:c6h5JwsP/QEBuk3bqUghjhyCKPivxbzY17t8AY30ft/iskql9ze/qk:c6TJwsP/QEBuk3bqUghjwCKPipb017ta
                                                                                                                              MD5:48E94847CFB856D63D9D5159B8087BFA
                                                                                                                              SHA1:102CC11550BF243E7F03C073139DF2E0597A7466
                                                                                                                              SHA-256:BEEDB07C9B40682708039BA882A36C2D06E0B8A8BB8409A28E8BFA3DEA2220B8
                                                                                                                              SHA-512:DE66655EE6CC99AD5E68FB9C666FB10C1BBB0ADB9D5D44C99DF7AF735C70986FF8448EAEC2A3123FD1242397965A4337919B06E385166E563CFB7C6490F20E4D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....`... .......................................................+....`...@......@............... ...................................................)......H...`...p...............................................................H............text....X.......`.................. ..`.data........p.......p..............@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.Process.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):338080
                                                                                                                              Entropy (8bit):6.547010454151091
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:PTHlZDqaP75HL9eEIdkh+T9jb3b41PlmF+EZTdiX2Ju:7HlZDqweDdmMe8u
                                                                                                                              MD5:BB4558BC564B49F2E9A3BF0ECAB7DB08
                                                                                                                              SHA1:B2DA483B04D9A71FB228F2AB04FEA8F0F477405B
                                                                                                                              SHA-256:B04C17E78950082D91EB14E44C68C4B7E620F243A2A9B70784C02BFE8E53112C
                                                                                                                              SHA-512:4B5616433BFAEFD7C2F70AE6358E7E69F2FD9C7BA59EC0C76A9046FC316BFE5945453570A5F083067E752172514355D4B9960C150C0B7D9D3E3B7E6E255271B9
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...|............" .........p......................................................0.....`...@......@............... .......................................w...".......(...........%..p...............................................................H............text...+s.......................... ..`.data....S.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.StackTrace.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):47368
                                                                                                                              Entropy (8bit):5.392635117184272
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:RhKDRqmLYSzA+DUnFT08vkFY4mPFhRJG//idN9z4:RhPmLYSz1DUnFvc64mPRcXiNz4
                                                                                                                              MD5:12B19BD5CBD8C43810488BBCC45C8D37
                                                                                                                              SHA1:67E53DC542C1CE9EFD15FE09E3B9DAA7FDFA0E58
                                                                                                                              SHA-256:A96CBF9812BAE62DCB2765A978EDA4490A3B12386E6856FC8DE6D1A0A99FAB19
                                                                                                                              SHA-512:1C3731CD61BB46050D8EEA724516573F44EEB20B3AC9EBEBC578C668D44A1F33976120A7209291E4D5825AD4282A636C006D9E81C2675A147F2291B63B94F05E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...P............." .....`... ......................................................=~....`...@......@............... ..........................................8........)..............p...............................................................H............text....V.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.TextWriterTraceListener.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):67760
                                                                                                                              Entropy (8bit):6.063175006866645
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:wLBHMffs45VU9QbAoqxfxGSC0e+LRnugRxFjyGw3/slSdoF31s7YiNZ/OSkkUxPP:wLiM8EoLmpsFAxg9lzlYZ
                                                                                                                              MD5:D6165DD84477A3B7D134FDA6CB082155
                                                                                                                              SHA1:9C0CDA0EB92C313FD82C527303FB6C2FA8E68AF2
                                                                                                                              SHA-256:7C02AAE25483E5FDF98CB5820B99AF58AC461EF24A60F36EB0C95CD679AB462B
                                                                                                                              SHA-512:0C68BC073F724D2E81C4A312C287A5C61FA473A52F2C86C8F84D551D6FB5DB81A9D0FE8792C473816F6EF360A128AEBE88BB5192CDC85613B95355DF0E97600B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......... .......................................................P....`...@......@............... ..................................0...4(...........(......0.......p...........................................................0...H............text............................... ..`.data...............................@....reloc..0...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.Tools.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.793649835255006
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:AAT4VxAo/FWZz9UWotuWXebPpUNTQHnhWgN7a8WRfmbTseUfX01k9z3A/mEyp:Aw+vWZz9UW+Tb2HRN7H/6fR9z+mEY
                                                                                                                              MD5:DB12A06AB59565A860000473AA35FF9C
                                                                                                                              SHA1:7DFCE22AC3EBC41615553F90887D6A80E9B837E1
                                                                                                                              SHA-256:D99218B18DC331AD7469CF8488040F0AF9176F8C10F972E2E4B9B0EB19F3F422
                                                                                                                              SHA-512:6866EC80448ED44D8628414533A130F9B77E7633A74E453329D43D46690B9660A36DF1274BD85B6A976C8F75709E11BB3349299B5601527FE0FB2283B18669FA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....t............" ..0..............)... ...@....... ....................................`.................................Q)..O....@...................(...`......`(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3................................................F.h.....h.....U.................%...(.%...........%.....%.....%.....%.....%...f.%.....%.................O.....O.....O...).O...1.O...9.O...A.O...I.O...Q.O...Y.O...a.O...i.O...q.O...y.O.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.TraceSource.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):145568
                                                                                                                              Entropy (8bit):6.2108212968439105
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:jA7vuCBghTeY0dpwQn60x7cftbgZyeIt3T5DFZ8r:jEBgsY6aQn60x7cftbgfAlfw
                                                                                                                              MD5:3D37EFEDF0C7709F66F11BE3851FE173
                                                                                                                              SHA1:273E522AE24E1230D64D3BA1F3985F0F2F8F9D10
                                                                                                                              SHA-256:3A2308C0D2629826CA3CA8AA9A135D7528D3E39EA93CDACE32C8A23D9102CFAB
                                                                                                                              SHA-512:2D629503543B7D658456AA12FE20650841CC6F5C4CD3D26AE44D6AFD5CEE9C51E967511B1907C292E7AA8B331EBA0DF6F9D4AB7B0E4596DB6BD47A2F2DEAB8AA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....c)..........." .........0............................................................`...@......@............... .......................................B...........(......|.......p...............................................................H............text...g........................... ..`.data............ ..................@....reloc..|...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Diagnostics.Tracing.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16672
                                                                                                                              Entropy (8bit):6.733886101256934
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:5q6DDj+yJxFcWGzgDWolG3WT56Os1HnhWgN7akWfgyttuX01k9z3Au5m:5Z+yTyWGzgDWQH5kHRN7aSR9z9Q
                                                                                                                              MD5:424816C5023484AE961405B2DAC0D9D5
                                                                                                                              SHA1:7C01477DF50779447056C5590B68A617B9966FDE
                                                                                                                              SHA-256:BB74F0F643E8C427AEC0F80B5C64042F97A15A55AD28F8C68A45EA6DAC86FA13
                                                                                                                              SHA-512:76E8F9C22B89F6C038CBFD18914DDBAAA19FA2D3AFDEDFC5DEBFB4C1F7C7B27C95D677669F9036616F05078B5EB17887E2FFFCCB5B005DEC559557B4EB8036E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...<............."!..0.............n-... ........@.. ...............................R....`..................................-..Z....@.................. )...`.......,..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P-......H........ ..H...................P .......................................<.....E.!\..1.l.l@.]<0....7..Y..]..ny_N...,.t.3%l...4{.ab.:W.,..}.L..i....{.._.nkL.,..V.].a.C8.~O5....|pXs(..3.......VL...BSJB............v4.0.30319......`...x...#~..........#Strings............#GUID...........#Blob......................3................................ .....................O.......................c....._...........}...........6...........B...........................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Drawing.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):133384
                                                                                                                              Entropy (8bit):6.078487052048059
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:9Wgu57s4yeP4Sy2vmH00N6no5WkCIYpoRcjpg:9C5706mpM9ot
                                                                                                                              MD5:AF2037351A67F0C9DA96A4B53B2172B6
                                                                                                                              SHA1:FA09CC7E6F066223C66E4D273888FD04D6445469
                                                                                                                              SHA-256:201DAEC5F19E1C58830D85A06CB6218906FA1AEBFCE925B2CC194EC585DE0330
                                                                                                                              SHA-512:67B51EBD5F0A7BC6A0553B0705ACA0621060F41191A3796FD342F3D995F57B017DBDF19EC2F7EC2247F2225FE17E3DD1A57C25D3E81851FEBDC2C3DB4F209BFA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...|............." .........0............................................................`...@......@............... .......................................-...........)......<...@...p...............................................................H............text............................... ..`.data............ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Drawing.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20744
                                                                                                                              Entropy (8bit):6.417829735153494
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:RTiP7uC8MYITetoB6mv6WAzKtW1zTb2HRN7KC52IR9zgTYcXe:RWtOKKz/iKFU9zk5Xe
                                                                                                                              MD5:BEE8EAB77A66453040FAD998D24D36E5
                                                                                                                              SHA1:54261E4424F623806CF627EC7C79E29BD9AA7CC9
                                                                                                                              SHA-256:56A3256288EE913F7F7BEF84AA4347BBB6BBD9FF62540C94C4937A3D16480F57
                                                                                                                              SHA-512:70687286B247538A7FA9E5BDBA35C6B2F698CD4DE50593BE0AE2CCFDBD4531C55F711E52790C4F6087C340BED072D366244818D998AEB0099490136BFC58BC6B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*............" ..0.............^=... ...@....... ....................................`..................................=..O....@..T............(...)...`......,<..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc...T....@....... ..............@..@.reloc.......`.......&..............@..B................==......H.......P ..\....................;......................................BSJB............v4.0.30319......l...\...#~..........#Strings............#US.........#GUID...........#Blob......................3................................................s.#...C.#...~.....C...........d.`...U.`.........*.`.....`...!.`.....`.....`.....`.....`.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Dynamic.Runtime.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16656
                                                                                                                              Entropy (8bit):6.678687970192235
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:UmhdoljA+MWVzbCWqTb2HRN7W4SR9z9dI:UmHoVA8bW/iW4e9zzI
                                                                                                                              MD5:C65671607C6866C65053A73D8379D334
                                                                                                                              SHA1:EF0A6394234960CD5B58351FAF87108D7FD77BA5
                                                                                                                              SHA-256:152ED9CA358D00156F72C07D417B26D59500F32425F6005E8EEC222A233B2E15
                                                                                                                              SHA-512:136309BC73F174EBDA556A918FA3D1ECD4CC71C793A1412494A707E4A626F8A280E0F01DE4A25DB16AD88ED357258487366726749AE17BA7A5581027071596E0
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....mm..........." ..0..............,... ...@....... ...............................+....`.................................a,..O....@...................)...`......t+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P .......................*......................................BSJB............v4.0.30319......l...<...#~......h...#Strings............#US.........#GUID...$.......#Blob......................3......................................&.........W.............................j.Z...9.Z.....A.....Z.....Z.....Z.....Z.....Z...w.Z.....Z.....#...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Formats.Asn1.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):244000
                                                                                                                              Entropy (8bit):6.460724972874368
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:ZP1U5Wz6LHNsYYBqooyemNSvQUzKeeAxNXVh6g+uG4krZAuZAVV/me4OHUVMrB:Zy5WzwHNsYYSyem8oGKRAxNXPRVYMvr
                                                                                                                              MD5:27A3BD91BC6A353580391A4C7D371CFB
                                                                                                                              SHA1:56907F4A73ABAC30B98B4E5B8A8B54AE928DCC06
                                                                                                                              SHA-256:3FB221A512E3424F906A094BF771ECD28AAB82AF0E4097CA8BEFC22117606BF6
                                                                                                                              SHA-512:A0160017314A35DBD505CCA7FE16068805FBE32A27C0C7F11CC31C0F155711872AC2BD84786B2CC21E2309C8DA707081E0E134C05E8C5A10B408BBD1CD3ACF3E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...@......................................................+.....`...@......@............... ......................................(P..x....... )......`...x ..p...............................................................H............text....4.......@.................. ..`.data....)...P...0...P..............@....reloc..`...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Formats.Tar.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):272544
                                                                                                                              Entropy (8bit):6.505562166833011
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:LlKkgkJLdnAwEIvTlz1aYqsOMBFK0rkir51KYb8FK3MEIS3PQnZg28aq/xv642u9:LcjkJLN5EIvpzTC01anZ0/H2Nf9gzqw
                                                                                                                              MD5:FC05CA2B0A8BCDE5FA7FC5EB872AB692
                                                                                                                              SHA1:4F1FA6B33C39A959F64C19EE0A87137B99F61484
                                                                                                                              SHA-256:9197AD2EB9C22F3A2F442C883BBD4CAB5FE27F0577C43B4E4C3405A641E9D873
                                                                                                                              SHA-512:FE14DBA95EBE3D374B3F9D40952CB3F40EB6E600BDED77D57D89419CE749F4DB384AAF3BC6CEB6963DD03EE0C35E47829E2886EA6694835078247BF13734BB03
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........p.......................................................r....`...@......@............... ..................................p....f...........(......L....%..p...........................................................p...H............text....|.......................... ..`.data....V.......`..................@....reloc..L...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Globalization.Calendars.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.7386437791013405
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:vgARqXWDRqhzCRqm0Rq7WSTb2HRN736/6fR9z+mE0G:oSqKqFwqmuqB/ih9zhE0G
                                                                                                                              MD5:7DAFF70E28AFCDF08BF23001586481A4
                                                                                                                              SHA1:F7733372E25CD72CA715EB9B8D45806BB97FB8FE
                                                                                                                              SHA-256:F208A6B27D76F599DC56FA318C7B6F147F7038F86F63C88498D1EF4EE181D1AB
                                                                                                                              SHA-512:B4BA85672B164ED0D03861E860045B1FEEC897FDD507CEAC8041B68BAB95FE2BF221901285DF23C3ECBEE9E1E567AF134192E5B349904C8B0108B9B4D1DABA56
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............:+... ...@....... ..............................Kw....`..................................*..O....@...................(...`.......)..T............................................ ............... ..H............text...@.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P ......................h)......................................BSJB............v4.0.30319......l...p...#~..........#Strings....|.......#US.........#GUID...........#Blob......................3..................................................;...x.;...3.(...[.....^.................I....._.................w.................G..................."....."....."...)."...1."...9."...A."...I."...Q."...Y."...a."...i."...q."...y.".......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Globalization.Extensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.803380015872353
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:MQcRPWYRpzFRp0RjWSTb2HRN7aZDX+iR9z34K5:MRNNDpuF/iGDuO9zIc
                                                                                                                              MD5:98911DC1B67160228068D9F1FC0F8B61
                                                                                                                              SHA1:DABD06300109FB2E63B864BAD21E66D2E10A38F5
                                                                                                                              SHA-256:B3183691795345D445BF864F92984C5788184CAF899303896A11ADC40E45E55B
                                                                                                                              SHA-512:C4C1E48217996A3C412D483C0C78D216ADF45902DA7E2161D4409B0BB693B2170FCFEC825D8F6DCE004EDFA3FF74649A429F795BDE25B48ABD7CE4F6511FA549
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ....................................`.................................k)..O....@...................(...`......l(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................8...x.8...3.%...X.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Globalization.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.683883111246887
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:xKQZRLWdR1zIRA0RHWjTb2HRN7hjf/6fR9z+mEY1:xKQv0paAuE/ihk9zhEg
                                                                                                                              MD5:A0AC19EA91AA1F589D229042776CEDEC
                                                                                                                              SHA1:75B7DA41271CF74BDC2BA461514E332ECC5430CE
                                                                                                                              SHA-256:1E28730A5042CDBABB30F84F33FB1DFCABD6DFCBE6451E772A507DA089844F7A
                                                                                                                              SHA-512:44B014311F5432718BE2EBEFA6787227018049CB5B4FF49A0B8A4EFCC0E1C1EA46763C8985892664C2CC50695011AF7A8C4B7B3FE346E53CC3246BC6023FB388
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H............" ..0.............v*... ...@....... ..............................".....`.................................!*..O....@...................(...`......8)..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................U*......H.......P ..h....................(......................................BSJB............v4.0.30319......l...T...#~..........#Strings............#US.........#GUID...........#Blob......................3............................................................D...........o.....*...........Z.....p.....?.......................&.....X...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Compression.Brotli.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84128
                                                                                                                              Entropy (8bit):5.873230447890279
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:AogIxVuA9+/PACL3jTuDw9wbnUuZE+eU6pAiFzhB:AogI/J+3AiXu8ebnm+P6ntB
                                                                                                                              MD5:65D5BFACF10D323CE1C30A909529D409
                                                                                                                              SHA1:B80AD81FA69613278A3B20E41BC5261CEF93C234
                                                                                                                              SHA-256:26C63DAC13DFE397F1600F017399B205D4942CBF6E8B8E2A09AC9747A3C52567
                                                                                                                              SHA-512:3F2280BE4DD44A1218877ABAE782DD7AFF3C3F6F37B0F952769D7CD85660C6AF40BDE0B1C10A0F7C660342A94AC4DAC0C5E26CF3A867DA225142EC1B6B4B8714
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........0............................................... ...........`...@......@............... ......................................t(..L.... ...(..........8...p...............................................................H............text............................... ..`.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Compression.FileSystem.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15632
                                                                                                                              Entropy (8bit):6.751238710995274
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:3tfbO71W7z3mWo0uWXebPpUNTQHnhWgN7akW8B6dxwVIX01k9z3A8NAcK3u:dfbO1W7z3mWvTb2HRN7bBqR9zrNAcK+
                                                                                                                              MD5:932E7EFA2F9A907DB38A899DC5F36AA1
                                                                                                                              SHA1:B7C01066FE722BD366E4F0E6D09EABB742B12083
                                                                                                                              SHA-256:9420C292ECC5FDBEA9C46B0FDCA31DDD44E888AAEFF22233D2464A3ABAC09AA8
                                                                                                                              SHA-512:11F59F5F5DFD5C1CC692C1EC3989CE7930B4D43BB2D023D26E081682912E1CEAC78581CD8F2FA34B0A0FBEEE4C18AE1F0E0E88875DCA443582B8E4AACC7F0F42
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^r............" ..0..............)... ...@....... ....................................`..................................(..O....@...................)...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................,'......................................BSJB............v4.0.30319......l.......#~..,.......#Strings............#US.........#GUID...........#Blob......................3..................................................U.....U...Q.B...u.....|.....7.*.....*...g.....}.*...L.*.....*.....*.....*...3.*...e.*.................<.....<.....<...).<...1.<...9.<...A.<...I.<...Q.<...Y.<...a.<...i.<...q.<...y.<.......C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Compression.Native.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):835744
                                                                                                                              Entropy (8bit):6.122698326369938
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:ZuM48x15+Qn+y0fhRAHbAHhlyZ8OXTw05nmZfRZk:Z5++bAPlAmZfRO
                                                                                                                              MD5:DD47984D52676A3B0943BE9B3AB626CE
                                                                                                                              SHA1:21FC9304AC5C672F407743318E63677A7187FC82
                                                                                                                              SHA-256:DDD410F29210AC0B8129F4CD3AD1339ADA1CBC779FD2FB727E201DC7F283F1A7
                                                                                                                              SHA-512:9682EEEF6EE486767FCCFAA0487B35347747C0E4438E154C0CC6E47BD709456D6CC307E191ECAB5A90482183B80FB7207972B209A22C1B2439F307D637A7AFFC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................................V.........................:........Rich..................PE..d....N.e.........." ...'.............................................................e....`A.........................................n.......q..x........................(..........@<..p............................;..@............................................text............................... ..`.rdata...h.......j..................@..@.data...\............l..............@....pdata...............p..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Compression.ZipFile.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):55568
                                                                                                                              Entropy (8bit):5.793203320928994
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:KZe0+1dZ4jNSW3s6+QSvv3XvPHBeiuEp4z+pe:KZe0jj8ISvv3XvPHBMXV
                                                                                                                              MD5:A65300FD9AA9BE40EE3E85C88A4BCCEA
                                                                                                                              SHA1:EFC318937C5D7BAF53E13EB54CC83F23309704D5
                                                                                                                              SHA-256:09DC2A121C481BE9799A699D3A88F116C2AA9A4978D182C6C3C6E546DD28E5F5
                                                                                                                              SHA-512:1E69BAF0475B5B04A147B9E743E666990DEA7BB76490067C02675411A86DFC7816745E73ED763BE06A7718667CE8160F6AD3E51DBE01B14AB69777AC1002934C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....*d..........." ......... .......................................................,....`...@......@............... .......................................!...........)..............p...............................................................H............text...(y.......................... ..`.data...A...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Compression.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):264352
                                                                                                                              Entropy (8bit):6.55814850736374
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:VoY1RO2TF424mEDF39wIEUizDYj0RlNikmWrj9z1wSnhj3zRG/ADA3NbC++xOMdf:V11RFbszucYMzWFqqdDDgA/dNMC3FmE
                                                                                                                              MD5:D873A14048BCDC81AC19EA1771410EC6
                                                                                                                              SHA1:9663E08CAE7756CDCD47236DF183076F54127DC1
                                                                                                                              SHA-256:58FEB42F25D1CC496624CBE6C38835A5A48A1A8C71BE6B1169A7ADF80A60D443
                                                                                                                              SHA-512:25D5AD346F0A37714939441AD003C80308132AEF9EFBF2292CA32DC273EE29BDBE1E11FBF5ED429621FF727BF388EF562C854CFED13FAC69C6BF202705DC7B04
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...>.`..........." .........P............................................................`...@......@............... .......................................f...........(..........X%..p...............................................................H............text...u~.......................... ..`.data...2;.......@..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.FileSystem.AccessControl.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):104608
                                                                                                                              Entropy (8bit):6.035846845833837
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:Q4kJAlMpSLSjaab0PihEzfQHl9I+CAvpYz2KTyf9DSiGzh:Q4kuG8WKAuBtWf9DgV
                                                                                                                              MD5:D918D855CB05B5D7C44F81A551025C79
                                                                                                                              SHA1:EA4F64CC3109CEEDA40E6E620ECCE53C85FC2BA0
                                                                                                                              SHA-256:F63F21324E846BC86541C49A5E8AC4FFAFC3B2D7183E21FF5A402418A6DFDCF7
                                                                                                                              SHA-512:CC799D0FDE2AEA4D63FBA41138A94E1080FE15E7CAA92C16C8C41B7B96C53AC146AA140D47C25BE8C23439D3E8337E631D053DC05731A3DFE0804D7B88437BA8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....0...0...............................................p...........`...@......@............... ......................................H-.......p...(...`......x...p...............................................................H............text...{ .......0.................. ..`.data........@... ...@..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.FileSystem.DriveInfo.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):55584
                                                                                                                              Entropy (8bit):5.421731221282382
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:LLOsLf//M8/u0koRo21g1PC9IsUskTxQe9zw:LLOm/MH0ko71g1a9hUsk1Qaz
                                                                                                                              MD5:BFA347B933AB991BD559EC0F1AB88606
                                                                                                                              SHA1:E60346A26887B671798AE0980256481DC4595340
                                                                                                                              SHA-256:5768F71AB7DE850C1EEE9AC0E2F3FBE66683E90D018B2D6066EC3DC173CD7A9E
                                                                                                                              SHA-512:E14E3CFE3C588096612EFFBB8974F6E9E9D74E1726604F6442DE6D738953694111786A14A091F0D2B553BD54C0F64879EB75926C40918B7425C83F11D1F908D8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......... ......................................................(l....`...@......@............... .................................................. )..........X...p...............................................................H............text....p.......................... ..`.data...E...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.FileSystem.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15536
                                                                                                                              Entropy (8bit):6.804299068934078
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:3z1OYUxAVY+WqzjqWoS3WT56Os1HnhWgN7aIWfICjVi6KrIX01k9z3A93ih5b38c:D1uADWqzjqW45kHRN7j49R9z03ih5j0M
                                                                                                                              MD5:0E66EC503BB83D3523A56E15CB046837
                                                                                                                              SHA1:CB42580FCD8978E33A315ED8AF8289010C0757A6
                                                                                                                              SHA-256:499465AA5308C99AAEE8348027D46A0524183B4B8D9E8888216499701E872131
                                                                                                                              SHA-512:D9DF865581123940322F68CBF86FF1B3BD52E5F8FB77A2DD2CC35DBF445DA46EFA6C917237A6AAB36398750CDCB9B4FF8E18707CE19459CA3163584CCD63B041
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{TU..........." ..0..............)... ...@....... ...............................r....`.................................g)..O....@...................(...`......h(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...........#Blob......................3................................................!.2.....2..._.....R...........E...........u...........Z.......................A.....s...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.FileSystem.Watcher.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):88224
                                                                                                                              Entropy (8bit):5.8740674630196406
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:tPf+v1C2nUQAOT1sJu0Z33qpE6mZr4GBo333333333333AQ3Hkkk33kLHtSpi1zE:tPWdVn5Apu0ZqpbCr4G633333333333E
                                                                                                                              MD5:51D79550890283D49FF484B9E10A5B89
                                                                                                                              SHA1:347DE1FF85F362844ECCADC266ED2F4A57A30C82
                                                                                                                              SHA-256:1773319864857AF405164D479C72928684A5EABC02B22A1152C3C1273ACC85CA
                                                                                                                              SHA-512:3BDC01A82396EB2819B56B8240471D4424AEE8326EF980B5F62095991BD8A395A1B2FA71AAA0D97527E52AC761A50B53D0D2423B1A1F23F70EC1AB0D48DAFA39
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...v.^..........." .........0...............................................0......g ....`...@......@............... ......................................h).......0...(... ......X...p...............................................................H............text............................... ..`.data............ ..................@....reloc....... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.FileSystem.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16136
                                                                                                                              Entropy (8bit):6.7263231671732715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:hzRHCd5W/zX2WP5HMTb2HRN7i0pR9zQHN9:hzRiOXX5HM/ii0D9z6
                                                                                                                              MD5:CEFC7034F99889390C9E92652DBA70E2
                                                                                                                              SHA1:518270916551803099B8C3BCF4F8AF336C5FB28E
                                                                                                                              SHA-256:728A79D1538431AB200A8013F72F55242F9B4D692ADAC3838212C93A887D053A
                                                                                                                              SHA-512:463144161B02FD42FAE3ED1E40A819BFD3690E8FE84F0B61F85134F6AE6FFFF708D102FDE126439A036D73555BE40214C57AF0CC958F379151864C961B7C5504
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4............." ..0..............+... ...@....... ..............................o.....`..................................*..O....@...................)...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P ......................L)......................................BSJB............v4.0.30319......l.......#~......p...#Strings....h.......#US.l.......#GUID...|.......#Blob......................3....................................../.........h...................................J.......a...............-.............................../...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.IsolatedStorage.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):92448
                                                                                                                              Entropy (8bit):5.816505926226215
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:HmPqhJcqhDwo3SjZw4gGv7+J+lOx5h5haITz:HmSncqhMo3SjZw4gGD+J+lOxTjT
                                                                                                                              MD5:464FDA106B308A2AA24E422316E7C31F
                                                                                                                              SHA1:65AD91FCFB31CB7551FA662355D9951733CCFA0A
                                                                                                                              SHA-256:D55293C93E77DA7448DF2C5996D3BAE412F39BEC8629607AF8B9E57E40EF774C
                                                                                                                              SHA-512:4A6F3C95CD14D6BDB3E59B8C54039227ABB49E5FD70308BC6239032165CE56BA248EFB77A3BEF79D207E9CADA7B8213C0635443A5ABF9AD9C39BDCFB539A77EF
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........0...............................................@............`...@......@............... .......................................*.......@.. )...0..........p...............................................................H............text...]........................... ..`.data............ ..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.MemoryMappedFiles.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84240
                                                                                                                              Entropy (8bit):5.799721262670742
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:NFB5x5ebzpb/qs7in9eq7Zb8GJZe/cC59nkA6KiEazI:NFB5xet/q99vb8G2/1fkAmk
                                                                                                                              MD5:63D78E1103976DBC526797C308DF2F81
                                                                                                                              SHA1:EEAE171E12E001242E8CB99AC2C268D37B514C5D
                                                                                                                              SHA-256:DBD43520EC22C105F1AFCA90A0433DDA4C9914E429CC8831C1D24F5106CB88ED
                                                                                                                              SHA-512:FA59A355B45427447676115754F188CEA0F1CB672FE528E248B00FE5556766438DF7E027314C1850D60FC145D7BFFA253F2F227A0664381A61DD466CE53766EC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....q..........." .........0............................................... ............`...@......@............... .......................................%..|.... ...)......<.......p...............................................................H............text............................... ..`.data...`........ ..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Pipelines.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):77984
                                                                                                                              Entropy (8bit):6.2394341567260145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:xwgRmht72hqC4bgN0xmRpevE6UuanHoPF1FViohzUp:utyhqC4bgN0xmRpevE6UumHoPvF1hYp
                                                                                                                              MD5:8E5454473E5660EEB1E59DEF3E682537
                                                                                                                              SHA1:554D74A0F31FFBB24400DCC919976BA7ECF2363B
                                                                                                                              SHA-256:86D0F5BFAAF1B2AB19331B543A736D87B5B58E72158F4DED282122B2E6665F83
                                                                                                                              SHA-512:2AFD2AFB6E1AEA569EF4BFE0B7CE07B84823ADADF0C36842F4B200B16B29FF030A575C0D9821F20CCF1C695307E0861EBB021AB24515B4D4291E1D69AC78AF5E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x............" ..0.................. ... ....... .......................`............`.....................................O.... ...................(...@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........v.....................T........................................~....*..0..........(....,..*..(.....o%......&...*...................0...........(.......(&...-..,..*.*.(....,.r...p......%...%...('...*..((...*.(....,.r...p......%...%...%...('...*...()...*.(....,!r...p......%...%...%...%...('...*....(*...*..,&(....,..r...pr...p.('...(+...*..(,...*.*.(....,.r...p......%...%...('...*...(-...*.(....,.r...p......%...%...%...('...*....(....*.(....,"r...p......%...%...%...%..

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Pipes.AccessControl.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16544
                                                                                                                              Entropy (8bit):6.7249487962033525
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:+AHYPx4zWLzkPWoSuWXebPpUNTQHnhWgN7a8WeOObTseUfX01k9z3A/mEL:+j5+WLzkPW9Tb2HRN78O/6fR9z+mEL
                                                                                                                              MD5:CF091E48BABE62FED9362E73E47E91D7
                                                                                                                              SHA1:BDD904E4B4942ADF54E04E049A22644C1C7B3F2D
                                                                                                                              SHA-256:3D998ADE558BC81E7DCEED9D27887EE83CF72FDA6C4CB5B67DE91EFCE1AF821B
                                                                                                                              SHA-512:E072E80EEC288FDD7410A4AB2FE29C849DAC9074B5B317B65638407B042A93D87EF1DBC50CDEC600BD020425E310D44951EC620076F3B767F00C3E2028CCA56F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...fq............"!..0..............,... ........@.. ..............................C.....`.................................c,..X....@...................(...`......\+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H........"..t...........P ......h"...........................................<linker>.. <assembly fullname="System.IO.Pipes.AccessControl" feature="System.Resources.UseSystemResourceKeys" featurevalue="true">.. System.Resources.UseSystemResourceKeys removes resource strings and instead uses the resource key as the exception message -->.. <resource name="FxResources.System.IO.Pipes.AccessControl.SR.resources" action="remove" />.. <type fullname="System.SR">..

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.Pipes.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):166160
                                                                                                                              Entropy (8bit):6.348790421242573
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:vDqjaVzIWe9hgsXZyPTA8pLtx1k82pqqu8t9X80:vWmVzEosXZf8pLet9X8
                                                                                                                              MD5:260DB0622B1E17664534BF8B0C1EFBBC
                                                                                                                              SHA1:D5103F15797EF16FEBFB97D7C187DC6DF6F1E954
                                                                                                                              SHA-256:8F430889BE0B6033562DF165D0578E7AEA8822FEECD5EFBC82F45FE8A1952900
                                                                                                                              SHA-512:143922793B69844893AE5B0298D1B8201D8761C772D110B7DC635D231B307A3A99716BC01777E2B95CF41CEC683FBA6B775F71736D80ECA98F7369DD06710DC6
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@...............................................`.......C....`...@......@............... ..................................P...t@..X....`...)...P......@...p...........................................................P...H............text............................... ..`.data...6/... ...0... ..............@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.UnmanagedMemoryStream.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15640
                                                                                                                              Entropy (8bit):6.829209512244617
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:7jwddxWuzv+Wa5kHRN7iLNW2IR9zgm22r:7jwdxvLYPU9zJp
                                                                                                                              MD5:68BE0AB76D303B6D6A99F8FF2B3341F0
                                                                                                                              SHA1:0A4889B4C198E72E9607C4F8CB3D97BCD73A0FCF
                                                                                                                              SHA-256:B8A4F7AB6C3D2B80775F45F86C5567CF96C634ACAC488DDD099271DB3AEC5D31
                                                                                                                              SHA-512:EBE10FF0B2984C69296CDEE2ABB97672AE17A27087BED73F8078B94AA9CE3697D6A7CB146807FBF51317506B242AC466A217D0091909F0615923FCBE8211AB8A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ..............................Y<....`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...(.......#Blob......................3................................................$...........=.n.........h.....#.>.....>...x.7.................>...].>.....>.....>.....>...D.>...Q.>.................h.....h.....h...).h...1.h...9.h...A.h...Q.h. .Y.h...a.h...i.h...q.h...y.h.....h.....h.......................#.....+.

                                                                                                                              C:\Program Files\WasabiWallet\System.IO.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.661322586094631
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:CN83GyAWjzYbWrrTb2HRN7Zm/DX+iR9z34K/A:MDEYg/io/DuO9zIuA
                                                                                                                              MD5:3F91ED24D53FC0CD2316489625DA65A1
                                                                                                                              SHA1:58DA7465B7F9870C4A1F7E85628D6545E10D9305
                                                                                                                              SHA-256:1625DCDCC918B442F7CE2BFE7CF3E999D7DE3265DEC8812E16E28AC77EF4191A
                                                                                                                              SHA-512:68148563A68F0B003EFAC6EF3793179C4EF0DB4270E1868B2A92AA338E057A1650D28C86425021831A2E2952E536CBC9881D6E6E86B72BDF95C7B40B9BBF1407
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............*... ...@....... ...................................`.................................7*..O....@..$................(...`......d)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B................k*......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~...... ...#Strings............#US.........#GUID... ...t...#Blob......................3............................................................=...........h.....#...........S.....i.....8.............................Q...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Linq.Expressions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3676424
                                                                                                                              Entropy (8bit):6.68461658253727
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:P6S6FKfOBP0DzEUsp4Zq2daW7L2+K06Fs4sZ39SursFIW/pc:NOB88mbp8ursFIW/pc
                                                                                                                              MD5:333453A0EAF47D9F38C18B7EA98791CE
                                                                                                                              SHA1:86B89E8F5F5E797FDBC89C0BA2CE2335AA3F9DA6
                                                                                                                              SHA-256:90B62ABAB3B37B3259DE38DC4096E637CEAC5FC0D19AC1C2370B133385343BE5
                                                                                                                              SHA-512:161379CD63538AA6179F46FF3510B2DCCDDFF02365B27C3A49FDAD846DCF04B7E6B22EEC59D15AC55B0CCCC37C752F407EA7C7309EA3B6555B48DC273638D910
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...}............." .....P1...................................................7......68...`...@......@............... ..........................................`.....7..)....7.,f...b..p...............................................................H............text...dK1......P1................. ..`.data........`1.. ...`1.............@....reloc..,f....7..p....7.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Linq.Parallel.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):805024
                                                                                                                              Entropy (8bit):6.7412942439374115
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:nbwydNdBKTLDzuU4/sKE5QmSfc+1yQgdY5UrG00eK0CszcyYX:nbzTKTLPuO5QmaryQgdYqa0ZK03G
                                                                                                                              MD5:F363BE521A0453351EB42EA3C67FC597
                                                                                                                              SHA1:47193167A254BCD8AAE569EF83483578124ACCA3
                                                                                                                              SHA-256:E57615241B26EB0F64E286634536701FD83AEB23F5CBC0D8F85EC06C9C5D8EEC
                                                                                                                              SHA-512:7DA9DAFEB2668913A354747EEFF85D1A19EB16F9A8EEA4C1EC20AE2808B46D034E0D7E9AFAC5DC26B97836174A4AA264F90B60E5762AB6C664C462CF49D5932D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....0..........." ......................................................... .......`....`...@......@............... ......................................p....d... ...(......T.......p...............................................................H............text............................... ..`.data....U.......`..................@....reloc..T........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Linq.Queryable.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):174368
                                                                                                                              Entropy (8bit):6.297143425599485
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:pmiadgej2mgA0o3eXZI6e07fww49JKKtLraZE:pVadgQwA0/pI6eufww49jra
                                                                                                                              MD5:57DA69A19CA59EB0D53F84BB1F7B0ED0
                                                                                                                              SHA1:ACA19FA04797A668C7F4F8268D6EB80BE6C86994
                                                                                                                              SHA-256:75534A59169576535B7E122517A3C62F2886A91BF5A82CE7893145DC2DFCDFED
                                                                                                                              SHA-512:DC7526D8D1D3CD24DD6650CA0B16A376D414C7D9C17AE4A2AB0DF318F33F5517FB9B78D97EE98324F93BD6E00D40BA9B910A1F515F8A7FA0145F803DC59B04AD
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...%.M..........." .........p......................................................o.....`...@......@............... .......................................+.......... )...p..........p...............................................................H............text............................... ..`.data....V.......`..................@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Linq.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):542984
                                                                                                                              Entropy (8bit):6.739549227966594
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:ixFcC4bb36zSgsrusOv38qA0s4WfufbFHJMb3xqHGYzXhMxjCUoTcs:p7b3ScrusO/yEvuhsQWF
                                                                                                                              MD5:D73DF2444EB9A148267E3E6BDD0369D4
                                                                                                                              SHA1:BA50AA3980E878912ACE9432748429896E9AFA01
                                                                                                                              SHA-256:9325875D295867D4879329718BF488D2F09E71369AEDFCFDF64BEAED94CD77CF
                                                                                                                              SHA-512:5F9722637D96211A726E7C4F3D91AD75AE1B581F763EF12383D935CAEA35906F5131FD26869FFEF45C679DD09BEEB1B83108A33F6B0399C80D82CA8FAA154E23
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...[.~..........." .....@................................................... ......|.....`...@......@............... ..................................0........J... ...)......H.......p...........................................................0...H............text....1.......@.................. ..`.data........P.......P..............@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Memory.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):157968
                                                                                                                              Entropy (8bit):6.473689636602464
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:idN96N/j+0sbFbqX63vwZuIBo7M5F896ToYd4CBuqmwzhtTihdBV:id6Cb6oIBo7q2G4CBuAhy
                                                                                                                              MD5:FDF556F1ECB52293823D2147449930FB
                                                                                                                              SHA1:471FC8CB26760D408CFED98B703BE1D372C9E019
                                                                                                                              SHA-256:73DBA44FFE0B88F01F6DB5B9DD6ED2EE9B32F70B701113B61ABBCA375962A071
                                                                                                                              SHA-512:70728858810B46FAC0222645C748523D6ACBD60BFBAD3F193A7B04DA97DA97D50B1626EEFD50DE6D2FE5E5CA3D9A7C0DF1445E6BF7F3C6DE51D9139EBB90CD2E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..............." .........@...............................................@......e.....`...@......@............... ..................................@....6.......@...)...0..........p...........................................................@...H............text............................... ..`.data....".......0..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Http.Json.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):129184
                                                                                                                              Entropy (8bit):6.196182201185644
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:db8ZSzjfIgHAOaaRH8/OhcRRY4bexrSZkXs3pMG3g5:dpfIKJxRHMOhOXZkcyx
                                                                                                                              MD5:FC5423D96F53F79835A99E903CDABCA2
                                                                                                                              SHA1:54520BF28E6FC135CDA9968F28D0D82335F58CC3
                                                                                                                              SHA-256:DCE80E8CE80920A5CBEC17C53819532441BFE8C156D390A104902D8AC92AAAC2
                                                                                                                              SHA-512:9AA8DF49D9E3B1E0279E14D36E7C40CFA73BA984B284DD0327F9A5283009C4951B95DD576DA3555B17A785EE6925E7ECDC4C55746A1324BAD454A3ECD59346AC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....M9..........." .....p...P......................................................N.....`...@......@............... .......................................4..<........(......l...0...p...............................................................H............text...Qe.......p.................. ..`.data....8.......@..................@....reloc..l...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Http.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1730736
                                                                                                                              Entropy (8bit):6.697534520521799
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:dF4JrsKQUlgiBdphGoKw9wx49HpiWTCIa616dnWq0xs:T4JrRVlNzGovVrTJe
                                                                                                                              MD5:47471E0A28F58B25A77377743CAA7490
                                                                                                                              SHA1:397F887362FE745B6F5DD3C2833EB38DF755CAE4
                                                                                                                              SHA-256:A50789ED097CD291F21FC9626F86B2C652329F87FBAE813DBE95211DCB476B46
                                                                                                                              SHA-512:DAB52EE2802D5D71C23349BA9687033F0F8546AFF64F1EBDECE3CE308F72F92E1F0A373303BA6F4DABD481188F208B9818E12A19DF1A6900000127BF0E294C43
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Wn..........." ......... ...............................................@......d.....`...@......@............... ..................................P...,K......@...(... ......Xo..p...........................................................P...H............text............................... ..`.data........ ....... ..............@....reloc....... ... ... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.HttpListener.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):551192
                                                                                                                              Entropy (8bit):6.570846842688019
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:bWmIFBDqpp84F/B7VRZ3KYNB0hZJ6c7fkDNRd2B/eBl3EWZg7gG3qikXOG4dr1u:/eip84F/BJNuZJZx++WZgLQOzr1u
                                                                                                                              MD5:58E1014D81879A0CDB1E0D399FF071F4
                                                                                                                              SHA1:ADA817386BDC436DBBB750C9988CD4EEA9F29827
                                                                                                                              SHA-256:89244804957FF141AC4F375F79690B5F2FE7CCDE9D749BBF518B9781B15F7F53
                                                                                                                              SHA-512:C241CA5954EC8FF8D28D075F871908D8BF6F3C002C18E3750D9CCE680724D0E4EC030B3A2E9EE2F08DE0D44F0CA9CF0505DC4C2A56C69B6741EB4F4EAD8F9407
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....X..........." .........................................................@............`...@......@............... ......................................T...0*...@...)...0.......,..p...............................................................H............text....s.......................... ..`.data..............................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Mail.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):432304
                                                                                                                              Entropy (8bit):6.5500778471744505
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:r4eeH1ZIkkGnQkWutUHmIczJD8USz4O1ViVhx7dSYbmqRSkrJ8kkYg3QNwMORYz:BZ4IIp8z70xpSk4QNB+Yz
                                                                                                                              MD5:7A69E911956123C1DE4D1AD3797D39DC
                                                                                                                              SHA1:74CF652D43A25FF5BBE706D775F31BFBD04EBBE4
                                                                                                                              SHA-256:9EFD173033F417AF3D9A746C5F057AD01B212035701EBFF4FE1DA69508FD00EA
                                                                                                                              SHA-512:40228F640311530B2E188B7FFE3A12FAE05E2089B0A71714B2DDDBA7152C5F6889E202D2F1A0290566BE2E2478802881F32160FDF56D771667062A5D7700028E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...~.g..........." .........................................................p......Mt....`...@......@............... ..................................P...P....)...p...(...`.......*..p...........................................................P...H............text............................... ..`.data...Rr..........................@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.NameResolution.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):112800
                                                                                                                              Entropy (8bit):6.132482915388226
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:MCkAJ89lSAIFIpp8oXAcRKdRWWZDFduWF8XwYwiTzh1:MCd89MAc2p8qRggiDBF8Aot1
                                                                                                                              MD5:30707C0369A99D722ED9D0D0B1BE8E82
                                                                                                                              SHA1:969842DAF580E30847248FF3BCB14A94FE576AA9
                                                                                                                              SHA-256:51030C04DB15A86D9AFE1D961E252DFF8B95453A26057475BA5B634CD2E137A2
                                                                                                                              SHA-512:33D86B596E3FAB78E18E2B7591537CAA1DCCD6439DB5E50FF7F433F0C3E484786A510BC32E26EC1127A79774DCC348DC97C5417D7C217B63114B1860450E2791
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@...@............................................................`...@......@............... ......................................`1...........(..............p...............................................................H............text....7.......@.................. ..`.data...B$...P...0...P..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.NetworkInformation.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):157960
                                                                                                                              Entropy (8bit):6.294318276862674
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:hk/1KeXCmzLST4L7rGE5RtqbqeQGwpncU/SLVXyVMn9akmebn9:O8GCwLu4SsRQbIfqzmm
                                                                                                                              MD5:E7FBACB97BD1EA37E5F2B8ECB59E6721
                                                                                                                              SHA1:92480B78636D84ED71587A3FEE732C360DF163F9
                                                                                                                              SHA-256:1600F9152491EB0C839CE1BCF49E933778B56656BF85FAF867A5FAC518032E28
                                                                                                                              SHA-512:B57BB6C27C1E21144BC507BF02C505EEE24F47B4AE6046CCA6E8F9C20DB1BABD1B49516C960580C9E90A7489911C2D5E0F647817D2B7FE7591E9C440A2DBDE7F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....Z..........." .........@...............................................@............`...@......@............... .......................................9..8....@...)...0......(...p...............................................................H............text............................... ..`.data...T&.......0..................@....reloc.......0.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Ping.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96432
                                                                                                                              Entropy (8bit):6.097643229452113
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:0Nq3ypC9N1fwwSZy9hswibRSsYwlFb0I/gJR7SSNNJkZphyNVcD7zIM:0N9C9N1fZgy9hswZsYcN0LJR7SAfuphN
                                                                                                                              MD5:7C497F4C2B653146DF5DECCA8D591148
                                                                                                                              SHA1:4F5472EC92617A2A3D113D458F28B8E5D1B357A2
                                                                                                                              SHA-256:57D47663D269A3610C4EE6EAAC22C8E68192370117D5E8665EC7DB2690E7982E
                                                                                                                              SHA-512:DD9E38CB4497AD7CC1C7606EA3C25E1EBCE163CDA7AD77D9047035D70FE3C40A8E93559B50C0F014F762ADA5448216D30F5C1D687299C29136BB87DCAE2AEE56
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....G............" .........0...............................................P............`...@......@............... ..................................P....,.......P...(...@..(.......p...........................................................P...H............text............................... ..`.data...,.... ... ... ..............@....reloc..(....@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):231584
                                                                                                                              Entropy (8bit):6.472741871752664
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:LHKY7AQhsFgoZrgy5HSchuzeQ4X1VjK6uJQ+Y6MFot/qxloV2O1wcyR:Ld7AQhsFgoZrBccgeQxRJNty0V2YwR
                                                                                                                              MD5:F32A9CC54F2A4B952E804431E766D10E
                                                                                                                              SHA1:8341DF972ACD025C71B0491F9DE89293918550D3
                                                                                                                              SHA-256:BD0A100BCD554F2CB8616B6D88DECB4BFF28A692F33DCE98B386ED9A36344173
                                                                                                                              SHA-512:F613547B7EA740D23CE4D0490A1AF88D36B5A67C478925D20CB7973835F01457137C8308AC13110546892303B1A8BBBF2507CADB4A9593871C13ECFA667EE128
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...r]..........." .........P...............................................`......R.....`...@......@............... ......................................xU.......`...(...P......x ..p...............................................................H............text............................... ..`.data....7.......@..................@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Quic.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):280736
                                                                                                                              Entropy (8bit):6.487999333249609
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:81DeSasNRDj8zM9FN47HvoTEuSpvvmDuHqH2xM8pSq/Ymk2St:kqsnDj8z2FNIoT9YvLRMzq/I24
                                                                                                                              MD5:67CBBA4D34336EAF2BCDB051B86E5FED
                                                                                                                              SHA1:ECB18F30AC6E4113315A5FE62FE951E85780DD95
                                                                                                                              SHA-256:228675C1ABDEB436D1C4DA706BD207C13CC6E47D6A3F74BD6EC43C37880C987E
                                                                                                                              SHA-512:D88FDC2C49D1F0B57ECFB7BF863B794E026E83F7ECCF9F98DD557174E48A3C24CE0B0095CD07167F0652A64370F958D0C22626F864C018B20C8D481B2F386450
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...J.B..........." .........p............................................... ............`...@......@............... ..................................P...Xb....... ...(..........X!..p...........................................................P...H............text...'........................... ..`.data....U.......`..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Requests.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):346392
                                                                                                                              Entropy (8bit):6.516424587363757
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:GdkcpGo/gkKN8Gdtmb/xkDtMe15Ar0ugZIDqdDpck+f63Cy1S6v:bcpGTN8+ts/xkaeG0IdHuCy1l
                                                                                                                              MD5:D84CF0B618E4C9073DB779678684A3E3
                                                                                                                              SHA1:FC687DB1537241F9EAF73E13101513C341D3CD82
                                                                                                                              SHA-256:941455F90908BBA4B0B0448A25FBC7575D9C3C56F8DD97A5FAE3E34A3EBB607C
                                                                                                                              SHA-512:289D0B3AC8F9C48A4F57EA41E138EE3F80199F057ABE7F6309FE5B6F9D81E8790DE322E8F9D59F6FF662B900DB70267437182B99F08D47E22CE78909C7C7B250
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......................................................... ............`...@......@............... ..................................p...X....#... ...)......H...8)..p...........................................................p...H............text............................... ..`.data...=n.......p..................@....reloc..H...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Security.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):669856
                                                                                                                              Entropy (8bit):6.744523052801286
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:bh8eFVq3X+1dJwZJoCUz8QjL7NFPth4dEx6wK482mIYcXd:bh8EAsEZaZ/Fs86b1/jcN
                                                                                                                              MD5:DE308CC3628320C4381FF1DD05B89D84
                                                                                                                              SHA1:85CA6D3CEE35ADC66EC9AB02FD96157E857867FD
                                                                                                                              SHA-256:D5A04507E3CAB514D941D540F1B2CC6EA4A1AC5C9E58E387E9CF2C651D89EA34
                                                                                                                              SHA-512:F4968952D72F042475331D70168EE6C0529A05F0E352C27FFCBD2D4CE62E5675FBE17C3865FFC3EFBF510ADABEF7AEE00D3979EE97D5E7BBA1AEFB9691BCEBF2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....F..........." ..... ...........................................................:....`...@......@............... ..................................p...`....8.......(..........8+..p...........................................................p...H............text...A........ .................. ..`.data........0.......0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.ServicePoint.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):47384
                                                                                                                              Entropy (8bit):5.317580469197621
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:xicyP3HnppKzS/Y7Fzq7roiIxPM3kUOe9zIB:xicyP3HnppKO6FzqYi/kFazIB
                                                                                                                              MD5:D0F198545355047E6174EB56908BBC1A
                                                                                                                              SHA1:0FCFBAD9784C3E9B7B3B24DCA40ED182CE00CABC
                                                                                                                              SHA-256:D44BBD49C9A417F9E935740D4D7A2B660744249E2C24C06B7A5B68F70C3D83ED
                                                                                                                              SHA-512:6DDB2B3B8B3CEE6F3BC60575A5120AFC629CB1EDC52627C033BC8DC8638C792EA11044E14B7ECB938DF0344B71315323E8EAFADA698E0B4225F45DEDBB022FA5
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...,............." .....`... .......................................................d....`...@......@............... ...................................................)..........P...p...............................................................H............text...8U.......`.................. ..`.data........p.......p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.Sockets.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):542896
                                                                                                                              Entropy (8bit):6.639926521912049
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:v8ZvmhEhAgqQOn/sA9XsMmed/JaE/Ptuf1VjoZ:v8FmOA/7v9zmed/Jhutp6
                                                                                                                              MD5:021EB4D82CC85EAC12118E0D5A993BDD
                                                                                                                              SHA1:6A649A9740B125D74395FCD728C20E4B9EC0347B
                                                                                                                              SHA-256:92AAB10A2E34FB3392DA91776D8BD551D5FEEED807DFC21C67DBD31F47ADC988
                                                                                                                              SHA-512:019499440F29D61F6A1A910AB152C474BF33D5909F1BE6AC69A1B8EBD674608F1AD3E21FA37C33D4637F542B302DE7A701A688637D3FFE416F9BE9B561C1437F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......................................................... .......4....`...@......@............... ..................................p...p...@8... ...(..........x4..p...........................................................p...H............text...8v.......................... ..`.data....y..........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.WebClient.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):170248
                                                                                                                              Entropy (8bit):6.429275588531549
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:hqzM6IfDIYQ8nqNIJ55jypCTpAY3ykJ9ricBFpR/Hpv:hwHtYvn8IJySpPFHV
                                                                                                                              MD5:85BED171A167A9204B6C27C298ECE979
                                                                                                                              SHA1:60442F5B0AF5DBB2AEB0723D1CD332E73F0F30E9
                                                                                                                              SHA-256:CD2957F8B033FDEF72DE7819CA29980BE0DB22416DBB829E9325524D528BB2C7
                                                                                                                              SHA-512:219EE71262F2EAE499549857A0ED1E9EC46707E9E1F4CBFC535F711EEAF35E711B8ED976E1199C23C3852609DC6E428A60AF9B51FAB3D2FF9428B70AFEF77F07
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........P...............................................p.......Z....`...@......@............... ......................................\K.......p...)...`......8...p...............................................................H............text............................... ..`.data....8... ...@... ..............@....reloc.......`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.WebHeaderCollection.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):67872
                                                                                                                              Entropy (8bit):5.781406259004817
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:SiyDmdpxYexI0Yx82s88krahmqOwA83qJKAFE6WHKV6q6G22N7XK6RH4wqYXYsYG:SiyD8px7DYx82s88krahmqOwA83qJKAb
                                                                                                                              MD5:AD29D993BBE786A1AE9F78D42693BCFD
                                                                                                                              SHA1:11C253DFAE8FB72189F344E669836C97349B6E42
                                                                                                                              SHA-256:99E4CD86140694E47F512EB63E4E1DB4AF7256101FF967E839F963DA74F02F78
                                                                                                                              SHA-512:75FF03BF5D8260092960FAB33AE08F422828ABBB16DAE405533F11812EEFAEF8488703CE7E8BD86AC0BDA98C2D201E581C14D8A736FF8D81B8B7B516BA7B30E0
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Z.v..........." ......... ......................................................^.....`...@......@............... .......................................!.......... )..............p...............................................................H............text...:........................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.WebProxy.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):43184
                                                                                                                              Entropy (8bit):5.444595157329908
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:U3WYzRwW1JtQZkEun+JBTeZDeRbOkKsfJbCLv+CTvLfyOQEi066gaiGn5kHRN7KR:UvRbJ+DKEJ7O7o6ji9wts89zF
                                                                                                                              MD5:14E958877105B2843621184664E81967
                                                                                                                              SHA1:D7F85D0A8860EEE0443134DB91F200B51BF46755
                                                                                                                              SHA-256:47945E46C9D370EBC9B0066E46B968AB85805A665549824C151E4954997FD42F
                                                                                                                              SHA-512:680EC1D83A264CCD919033513BF49B7BBC729BCCD6FDD83113E99E9A6709F5232191FF7AC10D53A0F49C5B284DCC2CFC77BAB96D53F931309A3A6048140525A2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .....P... ......................................................D.....`...@......@............... ..................................p................(...p..........p...........................................................p...H............text... L.......P.................. ..`.data...=....`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.WebSockets.Client.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100640
                                                                                                                              Entropy (8bit):6.037550835040538
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:yyJ4Xlu9IUeFYv9AfOWog+qBWO7btfLLEOfUazx:yyJ4XlDlu9Bg+uV7btfLLEOr
                                                                                                                              MD5:4CBD1F802B0DBF04ED8E3F22F65DBF4E
                                                                                                                              SHA1:AE22CBE3041258EC9F5C55705AA729DE44F1CCCE
                                                                                                                              SHA-256:7F3D954268C28FC17D702D1926F941747AB38A84798CE955DCF59BAAF561ACE4
                                                                                                                              SHA-512:B150243F2C1F776CC8DAB3050355B1C5DF66C87BDDA7EA4FA9611E4D4855792F8FFAE5671E74670C144477577E7BC81C441A8D0393D5F996A55E270BBBAF1EFD
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....;..........." .........@...............................................`............`...@......@............... .......................................,..<....`.. )...P..x.......p...............................................................H............text...[........................... ..`.data...s!... ...0... ..............@....reloc..x....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.WebSockets.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):190624
                                                                                                                              Entropy (8bit):6.366978765285093
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:ZDOYp0taypJKO0BYnjbpL8DqJVyR3IUQeu0IeW+1omEAa9NYLbkbmvh1dk8I8mth:ZtpKanRnYQzIeW+1odmvhbl7mtxL
                                                                                                                              MD5:7912C8B15632D202EF2E8996C7AEDCBB
                                                                                                                              SHA1:636F8B533D26B6FF860D7AB8524C71101C887143
                                                                                                                              SHA-256:05A1608FA3D49EA463AFCBA5A3F5A1B47D37DEF7D250A952F7BDCD1C19814016
                                                                                                                              SHA-512:FDEAB666A24D0AA7962321289F48EEBB0462A3B8AF4083D88304E01361879911FBF0829BF27CE5B01B7F18711716592FFC4E73EB03AF1A3F546E9566C30B1013
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...s..........." .....`...P............................................................`...@......@............... .......................................L...........(......d.......p...............................................................H............text....Q.......`.................. ..`.data...O7...p...@...p..............@....reloc..d...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Net.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17680
                                                                                                                              Entropy (8bit):6.612754333360444
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:S313UL9WRzBVaWjTb2HRN7FpNbZR9z8szT:O13UijX/iXFT9z7T
                                                                                                                              MD5:19F45ADC812EC554A425A6C71E2CD997
                                                                                                                              SHA1:694159C10628FA0F5302A54B21955B23622118B2
                                                                                                                              SHA-256:CB157C5C01A1E822F674EB91C22EB8EE42FB5F13489D659C26F7D5A8C99EA460
                                                                                                                              SHA-512:C86C8A08E0584358F9AF9A344570A52996D1E90E4FC065AFE85CF81A6F620F004F254429A6CD40E5114499EB19D93B3944AD95BEA8ED87431CBB4DE0F8CC774D
                                                                                                                              Malicious:true
                                                                                                                              Yara Hits:
                                                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\WasabiWallet\System.Net.dll, Author: Joe Security
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\............" ..0..............1... ...@....... ....................................`..................................0..O....@..4................)...`......./..T............................................ ............... ..H............text... .... ...................... ..`.rsrc...4....@......................@..@.reloc.......`......................@..B.................0......H.......P .. ...................p/......................................BSJB............v4.0.30319......l.......#~..|.......#Strings............#US.........#GUID.......|...#Blob......................3................................6.....x.........................../.......L.................................p...........................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Numerics.Vectors.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.693064023810699
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:B9YIrWHzWBW7Tb2HRN7h5iDX+iR9z34KHz:fJuWi/iqDuO9zIsz
                                                                                                                              MD5:695309E2CEE786A14DA6F5937A39F219
                                                                                                                              SHA1:EDC50396C785228627C5051A250C1984A14A62E7
                                                                                                                              SHA-256:3CEF07216B12253D8BE71B78B5E600020D3B241FB669C738D0EB5AB5FC0E9B10
                                                                                                                              SHA-512:1165D45627303142B0B46237059E3EC88B5F3314312E65E76CF09B49BC0F6442942E8E6B381B60F0158259F9550130B10A881E316FADBDE3A1DC534E3B252FDD
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0.............n*... ........@.. ....................................`..................................*..P....@...................(...`......()..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P*......H........ ..X...................P .........................................H]...m..SE...@.........c...^u..[....LrZ.......C.^e.A(.}y.cZ.A.D..."%.g..vv.G|....:....8SR..&L....u....7xC.$f..\7.OBSJB............v4.0.30319......`...8...#~..........#Strings............#GUID...........#Blob......................3......................................D.........]...........v.................\.r.....r.....`...8.....0.......r.....r.....r.....r.....r...}.r.....r...........6.....

                                                                                                                              C:\Program Files\WasabiWallet\System.Numerics.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.717535221565431
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:mF7xXsHmWrzKNWoVuWXebPpUNTQHnhWgN7a8WXSoq0EbTseUfX01k9z3A/mEfeul:s1/WrzKNWCTb2HRN7cvE/6fR9z+mEWul
                                                                                                                              MD5:86F7A0D7DAC4AEE12447B84C56CA2781
                                                                                                                              SHA1:D534BCB9E2B55D51FC339F19FF84845AC63334DC
                                                                                                                              SHA-256:F9350E44B594D79050F3017AFDF8DF3A28FEBEF4FFC9C7016D9A2AE717EFC21E
                                                                                                                              SHA-512:D6C8F5067603941B6D290A1EEA7E9873760C84D79CD9F4504BC9B76DBDF89A41AD575E0297CA5FDF2A944CFE6B9BA760647FC09BE31E55525DE0F2ABEC83D2A1
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;..........." ..0.............Z)... ...@....... ....................................`..................................)..O....@..T................(...`......((..T............................................ ............... ..H............text...`.... ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B................;)......H.......P ..X....................'......................................BSJB............v4.0.30319......l...8...#~..........#Strings....\.......#US.`.......#GUID...p.......#Blob......................3................................................'.f.....f...e.S...............K...........{...........`.......................G.....y.......-...........%.....%.....%...).%...1.%...9.%...A.%...I.%...Q.%...Y.%...a.%...i.%...q.%...y.%.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.ObjectModel.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):80136
                                                                                                                              Entropy (8bit):5.80261207498684
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:E8N5/4De07KXrgcCGfNiQSstWrHGA3hJivz2:E8PJ0urqQN4rHGARGy
                                                                                                                              MD5:AEF264A6181785896C177474772D77B0
                                                                                                                              SHA1:4E6F975DBBE4E1433A165A7E3C415D615AA8F5B6
                                                                                                                              SHA-256:70A5F28660076C0983061E1591CF0FCE7F434452B7AFFEC23559CD3F59F95EBB
                                                                                                                              SHA-512:469520EC5A0D42EBE47B3EA5BEFA53A4B0BFA3AA0A4D36E0696BD482BD2C749AC64283A0775CF1755F2259A655C55453915D61E60B9755343EAAF28277171363
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...b............." .........0......................................................i.....`...@......@............... ..................................p...\%...........)......T.......p...........................................................p...H............text...o........................... ..`.data............ ..................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Private.CoreLib.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):13166752
                                                                                                                              Entropy (8bit):6.849676066862237
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:a98Kxc0YsG0TkFyQRHROAworQshgKYowD4gJ0IXKG5L9:aDYSTkFyQRHROv8Qshg9owh0IaGx9
                                                                                                                              MD5:C9A30CE3C7A04ECC28ECA77219BCC571
                                                                                                                              SHA1:99142C2DBEA164337B6392A5A8EA93D2E1298C58
                                                                                                                              SHA-256:C2C602EAD78A3669AF09827333C7A1985041F42D60997DE2D37A4E588D7B4A1F
                                                                                                                              SHA-512:AA37D3733484F70EC56D1E4E458294B2F6FEE00093366E3CD029A3A406B2F81609538BDF434FA9663AB5168BF1181437D050C84949B49FF31FA25BA30CEF86D0
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...*N..........." ................................................................x....`...@......@............... .......................................p..d........(......8...@...p...............................................................H............text...q......................... ..`.data........... .................@....reloc..8...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Private.DataContractSerialization.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2082976
                                                                                                                              Entropy (8bit):6.7033874275803
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:5BOF1vlNnjaq8s+FhOsxGtOEFxOouLsv2DL6vyEI6PL:5B81Uh/ya6PL
                                                                                                                              MD5:83016F1FAF4D493225F76709CE070798
                                                                                                                              SHA1:8526483520635552C049F0245B1030E9E44F1DB2
                                                                                                                              SHA-256:6C3C776D189C57A9823E7DE9FCB82EC73B71D1295C534B329767BF5E74ABF95A
                                                                                                                              SHA-512:7628DD1349DABE9E0B0EA7CF653F49E750A73F42613201A6CAADD0F66FFB809C5B9DA1EFD3DB77BEB8FEB4E6C245C521D1072F2EC1A87511EF3B350392C9080C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .................................................................. ...`...@......@............... .................................. ....[...........(...p...'.. v..p........................................................... ...H............text...+........................... ..`.data...X...........................@....reloc...'...p...0...p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Private.Uri.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):260256
                                                                                                                              Entropy (8bit):6.613902335931948
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:5ZfAevHZcInBPKCeDc6CK9MG3bMeVmtG5FsGu6My8:oyKDc6MG3wamtG5fuV3
                                                                                                                              MD5:71AA5DC3E05FB3AD1DE3E5E078AD5B64
                                                                                                                              SHA1:8EEF55F396765DCB8CBAE5FBD2FD724B3C518D7F
                                                                                                                              SHA-256:176816ABE06086FB0726EA9FECF0B89F77F2D3AEF4C0C4EE793ED8AF06B68A92
                                                                                                                              SHA-512:A371935FC9916D14A4DD5182C40759B43324A5B3A38A879EBEF4CDCD9F23B4E3C20EB26BC6536A1304AAF08984CF0E0EB0403530192487E449B5896528220534
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....T............" .........@......................................................5!....`...@......@............... ..................................p...PS..x........(......8.......p...........................................................p...H............text....{.......................... ..`.data....$.......0..................@....reloc..8...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Private.Xml.Linq.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):403616
                                                                                                                              Entropy (8bit):6.600440227635889
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:xexlBCAdWedaLF5g7yB4cPIm1OwpXQgQbTClY7zrZjzEOdlIZi:srBZHULF5Rv7/QnCq7z1fQZi
                                                                                                                              MD5:6A2F5FC5D6C3AD0B73BC9A108825E5AE
                                                                                                                              SHA1:534698AA49299F8DCCC9C9C9FF65AA562A25E05C
                                                                                                                              SHA-256:AC8756C8A8D3ADBB1F8DCB8BA8B30047B66A87CAD3B345C216C660633584A491
                                                                                                                              SHA-512:DAC7F892127FBEE751F64ECD2FA44E65AC9DFEEA4F0EF24FAC32CC708CFBC79C92623C4CADFD521CE70E6D4BEA33E8803499D7C369950CA6715023F21A707562
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....N............" .....p...........................................................L....`...@......@............... ...........................................-.......(...........)..p...............................................................H............text...fb.......p.................. ..`.data...Sd.......p..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Private.Xml.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):7989408
                                                                                                                              Entropy (8bit):6.800388983210641
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:0gtCEhlIpFV84Gxp6lP3SsS9Yg1aD7N0EvausUTGgoa3ERosAbjQ9hk88vAzsfY4:0bfxo1m1vAQb1vhYw2Bt5QEFC5cha
                                                                                                                              MD5:CC8C8FB98F5175969D915851B47A3A9E
                                                                                                                              SHA1:BBE9A6CCE88D52E4DD1EE47140FBE287CA987B74
                                                                                                                              SHA-256:71B4507E0CAC049DFDB7431AEF79E7FF33B5898D570A32C3996032B1BD0EEA13
                                                                                                                              SHA-512:5E2BD5330995BF1D6F866A7DEA4BACDD03DE5E707EE78DC657BF2A51CB4B89ED66BA9FDAF88D04FF7E71D1331C51F4D039A680B5145FFFE41830B4E5CE80FC13
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ......s...................................................y......z...`...@......@............... ..................................p............y..(...Py..h.....p...........................................................p...H............text...U.s.......s................. ..`.data....Z....s..`....s.............@....reloc...h...Py..p...Py.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Reactive.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1344080
                                                                                                                              Entropy (8bit):5.880118654033227
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:NPjST4KIzHR40aI6cgly3OxxlCRv2nUpf9KPAdL:xSTjORDaIRgXWf9rdL
                                                                                                                              MD5:0359873EC4EE5EF15431146E95F33360
                                                                                                                              SHA1:390FBA35E54D0972F95CE1425D2C85CB7734F06F
                                                                                                                              SHA-256:BE602EB01817DDF5F1ED3F377787C65F68F509D66688302C030797CE851F8E21
                                                                                                                              SHA-512:BA74D1D94D6920193AD5C80CA2FB48A107330B4986CA8F51A8CC655CE7EF2EC2C9C709514994A8982755564CC19362CA71A7E552A79803D1E6B2719077B9830D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..N...........l... ........... ...............................?....`..................................k..O.......d............X..P*...........j..T............................................ ............... ..H............text... L... ...N.................. ..`.rsrc...d............P..............@..@.reloc...............V..............@..B.................k......H........h..t...........@Y..(...hj........................................(A...*^.(A..........%...}....*:.(A.....}....*:.(A.....}....*:.(A.....}....*V!.9ta(X...sB........*..-.r...psC...z.~D...~m...~l...sE...oF...*..-.r...psC...z.-.r...psC...z..~m...~l...sE...oF...*..-.r...psC...z.-.r...psC...z.-.r...psC...z...~l...sE...oF...*..-.r...psC...z.-.r...psC...z.-.r-..psC...z..~m....sE...oF...*....0..G........-.r...psC...z.-.r...psC...z.-.r...psC...z.-.r-..psC...z....sE...oF...*..-.r

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.DispatchProxy.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):76064
                                                                                                                              Entropy (8bit):5.940147416932299
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:yZFYcVA8CWZpWNv6zIMuSxRZHJ9ZYoqtTJomOTz:yZGl8CWZpWNv6txRZ+NtmT
                                                                                                                              MD5:E7B7D3CF5ECD268A60DF3E349FAFB253
                                                                                                                              SHA1:59282D78F1B0A4D125CACEE1C0304D83D31468F1
                                                                                                                              SHA-256:CEBE4111062C5C5D1138F08F97837DB87E5704AEF3E0FFB3D85C952E6BDA8EA7
                                                                                                                              SHA-512:806CF7BE444D4042D5E437A9C592A91C184526F6A5F7FD18316FC62EAB5B1E82DF34DE66495C1314537195B85D3C110C98FCD275E38AA87C3FDE793A3BEBCBAF
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....'............" .........0......................................................+!....`...@......@............... .......................................$..|....... )......P.......p...............................................................H............text.............................. ..`.data............ ..................@....reloc..P...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.Emit.ILGeneration.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16136
                                                                                                                              Entropy (8bit):6.738794125640704
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:nWoxvWkzdUWoTuWXebPpUNTQHnhWgN7acWi8RwX01k9z3APOv8FYY:WmvWkzdUWQTb2HRN7J9R9zgcuYY
                                                                                                                              MD5:352C8A724E4C5843822A129F4D8A2EFE
                                                                                                                              SHA1:53B74AE082AC7C70458E92712257A4B99E10F83B
                                                                                                                              SHA-256:BD13A46481C24D618C9E06614045E2BDF7416CA3A7A148CCE7422546B9A8E41B
                                                                                                                              SHA-512:6D5BE2F51F3F08B7802B66E178F131E603B3D24A1019BE18B6BFE69D9F22B495C32F02CDD7ED9D13F5601D3FB64E013549B7F58F875E8B01154CBB1D6F6D4131
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............"!..0..............*... ........@.. ....................................`.................................;*..P....@...................)...`......0)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..`...................P ......................................3...-..sd.q.F....#....".-RDE....X.N....D..I@./..P#....o..-.;.E..Zw.,..W..x...z.=..1B..]..3.$....X*x...0....8W..X..:B....#3>.BSJB............v4.0.30319......`.......#~..l...D...#Strings............#GUID...........#Blob......................3................................................"...........;...........f.....!.b.....b.....7.................b...[.b.....b.....b.....b...B.b...O.b...v.............

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.Emit.Lightweight.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16160
                                                                                                                              Entropy (8bit):6.720232085955026
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:dxJxnWAzaVJWowK3WT56Os1HnhWgN7akWff6qLx7hWyttuX01k9z3Au5:7nWAzaVJWlj5kHRN7gXSR9z9
                                                                                                                              MD5:8C74386C50162EA8428738F5C7793FD4
                                                                                                                              SHA1:9F71F6D08583287259921D7120BE73B74509AE52
                                                                                                                              SHA-256:E70EBA93F51B7B29CE7BAEE7A75727CD212488E32E9C78C9BAE24B95BFA261A6
                                                                                                                              SHA-512:9D13F604370EF7095B4759AC22A8B111CACB5D52B82080E48528BED3392F84E522524C6B1195E313C07929C13F0469DEF4A521C6DB0C372340719C00410DE052
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v............"!..0..............*... ........@.. ....................................`..................................)..V....@.................. )...`.......(..T............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .......................................6..{\.3..6.,".W....C.(N.k..(.._..X.5y..>e..^"0~...}-..4..*\"..G...I-..!r%.....R....a.d......1.......)...../...q.F.%....pBSJB............v4.0.30319......`.......#~..4.......#Strings....<.......#GUID...L.......#Blob......................3................................................0...........I.k.........t...../.E.....E.....>.....~.....~.....E...i.E.....E.....E.....E...P.E...].E.................

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.Emit.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):129312
                                                                                                                              Entropy (8bit):6.117023927127487
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:DmO54TKiEAYbKatyLJSsVkrch08BR7y/a:DKpfSessu7JC
                                                                                                                              MD5:CD2D9690229B2CAF4C19E4A97B88875C
                                                                                                                              SHA1:729660ECE08D8ADFACC8E028F9C2E2F79CE6FF7F
                                                                                                                              SHA-256:CD1B5DA1A0693D8AD670033F0FA036D45BA64335C31F66D87E7FAF3C8C20E1B8
                                                                                                                              SHA-512:01A1C79F3B9B66146D374E989EA05BBA4E7F9EA4320F738AF61D1BEC79434CDD9D2D44BA48FDEB5CFB6B0E505A822D5E23FA9CD4C358A13CED991C290FAF6141
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...L............" .........0......................................................",....`...@......@............... .......................................+..l....... )..........(...p...............................................................H............text............................... ..`.data...Y........ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.Extensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15624
                                                                                                                              Entropy (8bit):6.796404564261893
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:4EDs2UW3z3WWhmTb2HRN7+t4XC4deR9zZjy6rRdvJ:NDs253Jm/iE4XC4dC9zZjyQ
                                                                                                                              MD5:D998271285DDA42E3B098E04B8A081E9
                                                                                                                              SHA1:AA49DFECD48E1DE926E311E75CF5BEC96B5034B1
                                                                                                                              SHA-256:B06010B2BBE762F3B67A565C60814620895F9BB5E0C3EDDDA854741881C1D73A
                                                                                                                              SHA-512:E5D4F693560998F3DC2954571A3D5DA3A247CFE6ED90D5183A4B74D8A0ACC7349DB8AB7BB0AA157F06A357906AC1A75115C5FF4831B0845C15D4B92DE27CED01
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....09..........." ..0.............z)... ...@....... ...............................m....`.................................%)..O....@...................)...`......,(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................Y)......H.......P ..\....................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3......................................................x.....3.....4.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.Metadata.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1116448
                                                                                                                              Entropy (8bit):6.6442883742267576
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:Z3e0zYOAAJ8+uHVRA8WDlLeO9om5EoU/mSdWKURfeGW4brWLoDzgVd:Z3e0nnJ85RocOWmc/DamGW4bU
                                                                                                                              MD5:9BE8531AF637AFD3FD39123BB67CF90F
                                                                                                                              SHA1:152A406D552176107FA3C5850384B458E21FEAE9
                                                                                                                              SHA-256:338C44DDB86B0B251D5EE35AEE914F97AD1A6C872A3334C1B55B8C786EFDD4DE
                                                                                                                              SHA-512:44AA29635D0D85EDF6A12853BBB673CF1AECAA4275B6B4F447EE96F8D20A21AF864B9C1E24FC6D389C3540B2D3EDA644B86585894B9F70FAC1903B52E8C7E1DB
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...B............" ......................................................................`...@......@............... ......................................@.......... )...........W..p...............................................................H............text............................... ..`.data...A...........................@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16160
                                                                                                                              Entropy (8bit):6.7710557177810236
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:vsiCTxMWfz/+WoTA3WT56Os1HnhWgN7akWfsXJNVAv+cQ0GX01k9z3AnkBU:1GMWfz/+Wit5kHRN7HNbZR9z8sU
                                                                                                                              MD5:ADA432AD975EB8E3C030E5F9B5841A9E
                                                                                                                              SHA1:4DD74D489E767CCAD219EBA64EF7B4ACFC0110E8
                                                                                                                              SHA-256:B9B96DF25E78B0CA2A5F636F1764F249A13B61E6342B2130389F86265035FC88
                                                                                                                              SHA-512:36CD9122C1CF7B2E9D3E55D425075C005140549EDFA0BC4DDFAAD41B63EABC6F57090AA24845A02D800221CCEE9461C5D127FE48B4FC4BE07BCB428DE69398A8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....xu..........."!..0..............+... ........@.. ..............................H.....`.................................5+..V....@.................. )...`......8*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p+......H........ ..h...................P ......................................7..j{.+..p......$.n'.M~.x.u.k..XiM..|..sE|!..M..X..vD.A.U.lE...`.cY.P...ArB^Yh..(&..f.....'...............].jk. 9.../..LFBSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3......................................3.........@...........Y.................?.g.....g.....`.................g...y.g.....g.....g.....g...`.g...m.g.................

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.TypeExtensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):43280
                                                                                                                              Entropy (8bit):5.19325700497128
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:uWTzveWYnx1Yc0PuTNtyVC0a+SKLDJt9jRT4Tb2HRN7POSR9z9:fvYxGc0WTUK+jLFh4/ime9z
                                                                                                                              MD5:7B9DEB117866EA6232010798C913AB13
                                                                                                                              SHA1:6206F9788100ECE5642393C76ABCF085F2515178
                                                                                                                              SHA-256:7318713BF68DC9E5117ABEF0C326F13774E7CE27581E25E9EDC7FCDE5A897B71
                                                                                                                              SHA-512:43A8680CDCB32F92D4CF60165A7CC382AE4447D368356A735A1CCABEBF5DDEBE12AB4EDE802B88681372F6BAD2BB518219E4A0753745639E5DD5E361431AD12A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....?..........." .....P... ......................................................P.....`...@......@............... ...................................................)...p..........p...............................................................H............text....G.......P.................. ..`.data........`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Reflection.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16544
                                                                                                                              Entropy (8bit):6.665152797951405
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:QRq7sWwzrCWlTb2HRN7E9D/6fR9z+mEYy6:QRq7krZ/iE9M9zhE4
                                                                                                                              MD5:6FC0D8B0EDF7881BA3F7896F7E9322D6
                                                                                                                              SHA1:E00E8A0DBB48076B5FEF5C812F281165193D2BF0
                                                                                                                              SHA-256:334A9C1212D1DBE6A6963FEB3E654AF5F0AFF1A08F83456AB96AA47234BFEBB5
                                                                                                                              SHA-512:B5F128107215DCC018AB1C21E8B0E893A0890B2C85B7BC140886478906A8EFEFC230E69E66F6C48F39802FCA5B460431437663096F7E49FAA5505016937CC976
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$............" ..0..............,... ...@....... ..............................`.....`..................................,..O....@..d................(...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B.................,......H.......P ......................4+......................................BSJB............v4.0.30319......l...l...#~......|...#Strings....T.......#US.X.......#GUID...h...|...#Blob......................3................................"...............M.............................q.6.../.6...........6.....6.....6.....6.....6...m.6.....6.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Resources.Reader.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15632
                                                                                                                              Entropy (8bit):6.766312068408731
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:EhDOlxAmWVHWhzc3WokuWXebPpUNTQHnhWgN7akW9TYXG9Y00pyEuX01k9z3AFd7:BPBWVHWhzc3W3Tb2HRN7y9EpcR9zyd7v
                                                                                                                              MD5:E373906ECF14DC5CE32E3E99EA67F278
                                                                                                                              SHA1:229A77DBCF834B20B7B9CCA0DAEBB0BA06B859F3
                                                                                                                              SHA-256:665D093AE8CEB6F375C142CD23A27791E577EEFBEC1F12DE9B5E61698F2B4EBC
                                                                                                                              SHA-512:133FB5AA2F63BD1455634DA040B2E89A29B49205FB51E56EC3D7FB68045C3188EC80E7A6961BD6C9EDEB51E1B116FAE4D55425E131F6791BBB05A0559673312E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Gp;..........." ..0..............)... ...@....... ...............................P....`..................................(..O....@...................)...`.......'..T............................................ ............... ..H............text... .... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................(......H.......P ......................X'......................................BSJB............v4.0.30319......l.......#~......h...#Strings....t.......#US.x.......#GUID...........#Blob......................3..................................................%...x.%...3.....V.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Resources.ResourceManager.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.698065825745924
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:+K6tbdxAFKWkzQzWobuWXebPpUNTQHnhWgN7a8WUbTseUfX01k9z3A/mE51:TanaKWkzQzWITb2HRN7f/6fR9z+mE51
                                                                                                                              MD5:815E3EF0BF77853A28F69043FEE4F188
                                                                                                                              SHA1:BC825FFE3E8BF6AAB6C49F0F3D6F7F5EBFD19DC8
                                                                                                                              SHA-256:6FD1A028C05407B5A3325FEC7790BEC5215BD35F44D024C401AAC674DC9A4FE5
                                                                                                                              SHA-512:518CC1FEDC7F3351BE30A0D1B268705F93B4B426DF4B170443385FB4CB0F4E9533D393ED5579EAD72114266E39F3C442894AB89700565A558BDB6EE6E74D503C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....K............" ..0.............n*... ...@....... ...............................l....`..................................*..O....@...................(...`.......)..T............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................M*......H.......P ..H....................(......................................BSJB............v4.0.30319......l.......#~..|...,...#Strings............#US.........#GUID...........#Blob......................3................................................9...........U...................A.....A...........A...r.A.....A.....A.....A...Y.A...i.A.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Resources.Writer.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):51376
                                                                                                                              Entropy (8bit):5.746171459808433
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:Cyxn32XbMi171RsnV73W2/jL04IoJDuO9zI01V:CyhGrM871q7G2X0KJzPV
                                                                                                                              MD5:563A24F31BAF212E8596EEAD244415C6
                                                                                                                              SHA1:C04F22153C62423C7CBD2406C259233D1CCA3BE7
                                                                                                                              SHA-256:4D5F34990C58DC6207DB7C662F0ABDDEA0CE2AB8FE275C4A2689BB15B1301FFD
                                                                                                                              SHA-512:16D7578F7A751A0E3B01DF8040365FEA0F601AEF2A9F5C9531925E5D776C76C96F60ED18D84EC1D04B16B6ED7F8B90DD77F504B384EBF26777C74411AF362E1B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....K............" .....p... ......................................................&.....`...@......@............... ...................................................(..............p...............................................................H............text....j.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15640
                                                                                                                              Entropy (8bit):6.797962203595877
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:gcKaxAUHxWpzX2WoO3WT56Os1HnhWgN7agWfU9fKUSIX01k9z3AdeR7ufX:g7ATWpzX2W05kHRN7Hx2IR9zgM76
                                                                                                                              MD5:90506FCFAB6091377627C8D045057AFE
                                                                                                                              SHA1:BD54FDDFA029837781CE236B6857240E02D8091D
                                                                                                                              SHA-256:790775CCA2206FFDCDCB49C79F80E8DC87220532FE8822DD0EC9EEE760048E9E
                                                                                                                              SHA-512:F782A9ED9790D95DF97A4BACE2258D28C3EF06ECC526387A29BBED583219AA70EB304ECD3CA9482C98A881DDE14003AA9F8E15FEAB6C4863C423C5E17D6BFD00
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............" ..0.............F)... ...@....... ....................................`..................................(..O....@...................)...`.......'..T............................................ ............... ..H............text...L.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................%)......H.......P ......................d'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....p.......#US.t.......#GUID...........#Blob......................3..................................................4.....4...Z.!...T...........@...........p...........U.......................<.....n...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.CompilerServices.VisualC.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30992
                                                                                                                              Entropy (8bit):4.660270604754986
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:WWVzoLWxl5oNBXVJbTb2HRN7sk2R9z2JT:BoWwBXP/ivK9zA
                                                                                                                              MD5:F3EBF698992E3D6CECD787363FA62047
                                                                                                                              SHA1:8E1F26B62E1FB4E59B8743F88EB10EEA2080FBAF
                                                                                                                              SHA-256:0F637231984DC27075393FAA612B914239AD5FCC3454D66898B12BA966135A0E
                                                                                                                              SHA-512:DE23C571655A5D4D07E8DFBBD3EA6C01FBB5E31E7F5E42BCAB2CB77155EDE81A3B72E57BCEB05839EA2E432B90C2AC94D3E7B90C8D2BF004A173014DA33684D8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...&............." ..... ... ...............................................P.......W....`...@......@............... ...............................................P...)...@..........p...............................................................H............text...~........ .................. ..`.data........0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Extensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18080
                                                                                                                              Entropy (8bit):6.541167781166086
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:FYSj5rt9x+ylWlz6NWoPTb2HRN72batHNsAR9za4u:FTj1tXK6x/iqgts89zdu
                                                                                                                              MD5:42AB8620EA0CF6D333B921D5D541C940
                                                                                                                              SHA1:2B449086B888D9A7BAB3C17A8C3A632DD764D328
                                                                                                                              SHA-256:54A4FE44E66A35508522799DC5E232E40FED85C09250066F0818658915FED193
                                                                                                                              SHA-512:342FC91B33783ACE935BB68C42E3C47123BD3C9450879E5774DDE9AC3BC084BEBF0BDE6C504F6212F73C2BCD7A5D9768DC471277EE591EE42D4F5191492F500A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............22... ...@....... ....................................`..................................1..O....@...................(...`.......0..T............................................ ............... ..H............text...8.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................2......H.......P ......................l0......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................I.....3...................................................i.v.........N...........%.....B.....5.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Handles.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.7964770596366355
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:TKfpoq1FiWIWJzHmW4Tb2HRN74vDX+iR9z34KkFy:exoq1FxHg/i4vDuO9zIny
                                                                                                                              MD5:4234851A64C7BFC357C2E5BB8C2650E7
                                                                                                                              SHA1:4FC0EB080F6447F367950FCC990F5BE062C51EED
                                                                                                                              SHA-256:C7B8495769B72E5D3F89D9E4AC432F45A298D36FB61948F5A590975636B0DE2E
                                                                                                                              SHA-512:3F3AF4EAF432C727D46118CC8B5A771A7FF5A7E9CA197473BDB13040DBB55C172C22B4FBB556A8FDE308D1D68A393E08E5009CA3B26E30C243F03AFB23E3ECB0
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Pv............" ..0..............)... ...@....... ..............................#o....`..................................)..O....@...................(...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings....0.......#US.4.......#GUID...D.......#Blob......................3................................................(.`.....`...f.................L...........|...........a.......................H.....z...................(.....(.....(...).(...1.(...9.(...A.(...I.(...Q.(...Y.(...a.(...i.(...q.(...y.(.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.InteropServices.JavaScript.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):51376
                                                                                                                              Entropy (8bit):4.959810312065092
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:zctwMiFMwIIUR3GwWxUezVsPkNbsNmVzT:zcsdU5GwYxEkNbrP
                                                                                                                              MD5:FBC022235C211EA68EF1E9FE85F5CA9F
                                                                                                                              SHA1:25FA77F1D17F59D75BBE2156A6BA9D939F7AF5DE
                                                                                                                              SHA-256:CB4DC6F90B3E433134083192599E950996097CB2E5AE8A0A33F5B9C83BCADEC4
                                                                                                                              SHA-512:3527C78A6AEB84021D8D96401295DF8326F696C7BF52725804C1116FD0528FABB524C12FCB1548F63D58BE95643068D4BB40488D699D68C5166CFE6A61B0CA47
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....,............" .....p... ....................................................... ....`...@......@............... .................................. ................(..............p........................................................... ...H............text...Zg.......p.................. ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15632
                                                                                                                              Entropy (8bit):6.838751292180587
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:s7e1ewxA83WSz9UWoFuWXebPpUNTQHnhWgN7akWI2/xwVIX01k9z3A8NAcdaCBt:sCUuBWSz9UWiTb2HRN7dSR9zrNAcdaCf
                                                                                                                              MD5:1DF04AEC08240F36DC5E47AE91890767
                                                                                                                              SHA1:91D89D295008ADDD7088100961CF64A13A1BC30F
                                                                                                                              SHA-256:B790FFBBE5975CC96CA37A781061A1CAC668A9382FD44A36835245AC78D597E3
                                                                                                                              SHA-512:316A41DE5EFCEF26EA7B0877A3E4E06F19B9F858D8715517EED5C6DBB6C045B3F27166D4C4936C7ECF2E57C470ED237DCCA4846AAE632AD93D5B3EB0977B2AE0
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...I.~..........." ..0..............)... ...@....... ..............................V.....`.................................{)..O....@..d................)...`......X(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B.................)......H.......P .......................'......................................BSJB............v4.0.30319......l.......#~..(.......#Strings............#US.........#GUID...........#Blob......................3............................................................@.O.........k.....&.7.....7...V.....l.7...;.7.....7.....7.....7...".7...T.7.................I.....I.....I...).I...1.I...9.I...A.I...I.I...Q.I...Y.I...a.I...i.I...q.I...y.I.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.InteropServices.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):96536
                                                                                                                              Entropy (8bit):6.023747710799375
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:V7wryyBJoyfyGXe5CtLey6+67NVpnSPM+l5++kmVgKmHaVXTzS:V71yPO5CtiXdSPM+rRkmadgXTG
                                                                                                                              MD5:AA085609A2D6F6F2CC6EBACEFF4E70A5
                                                                                                                              SHA1:36E94A40F25523AC4E108ECD1C7FFEC4CC9AE0BA
                                                                                                                              SHA-256:BAD1E1C230A152584C034F9426676F9409ABDB07C862092B3B3009D6A86C69E0
                                                                                                                              SHA-512:88196D919D623ED0F75407844EF5DB6F19E0A2D2ABEC259FF50FC0E90140DCC644C8E95E0BC5AECC4C573B613A9FD88E1B9CFCE5524DA9C932A7756A92B8E5AD
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...8............." .........0...............................................P...........`...@......@............... .......................................(..\....P...)...@......X...p...............................................................H............text............................... ..`.data........ ... ... ..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Intrinsics.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17168
                                                                                                                              Entropy (8bit):6.606350242842243
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:UmDICYQZrDfnWTzoLWowWuWXebPpUNTQHnhWgN7aoW3diGyttuX01k9z3Au5my1:UnnA3vWTzoLW1WTb2HRN7EOSR9z9sw
                                                                                                                              MD5:D2BD8FDB3939D7B94DED0ED1A27F3FAC
                                                                                                                              SHA1:F7452E8B63BF656BF2688DBACB460996DDF2685C
                                                                                                                              SHA-256:AA65858AA4B69CEA716C2C83A6DB515B415ACD12E9303050B29BA7C3258CEA81
                                                                                                                              SHA-512:BA36E6DBC32119AF75F6FF74F2918B78E852F01C859C41EC46938A037E7E93C9E1E37824C983D03C02B4B6A54C71821DB21ACA87319DA56D2B0B3D11FC7FAD64
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0.............~/... ........@.. ....................................`.................................#/..X....@...................)...`......,...T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................`/......H........ ..\...................P ........................................G.}%..y...+..`...=.....h3.s.<..8.Hw..+0....._'.^.....J.X.)3.......+....j....P..;r.RRL.Q.........L.D.|...n..<=..T.E.D.BSJB............v4.0.30319......`.......#~..P...d...#Strings............#GUID...........#Blob......................3................................M.....I.........B.$.....$...[.....D...........A.............k........."...........{.......................b.....o.......$...........

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Loader.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16048
                                                                                                                              Entropy (8bit):6.728305988090445
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:BlTlh5xLWoz3GWo33WT56Os1HnhWgN7aIWfhT4exu3O6YX01k9z3A0O8NkHeL:BlTlZLWoz3GW55kHRN7WM4R9zlOBHeL
                                                                                                                              MD5:FD6742325AF14C130D80848512B4647B
                                                                                                                              SHA1:4DB136B45B726449F82A43398F946F55A8A0E492
                                                                                                                              SHA-256:2BEC9FF8AFEDC23BC6558E11254A8C5B6D02FE56E1BF11E149E6923939BB479A
                                                                                                                              SHA-512:27A6CA21110474A2ACD2187F432BFF7669425EA61AE087DF5DBF1D578D327476E67C60591B2AB8004AD7EA29D482A0BF05608E621B235FEC48EC7D7D79EC9F9B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v..........."!..0..............*... ........@.. ...............................&....`..................................*..X....@...................(...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ......................P .............................................a....f.u...w..1..<..<Om8.>".Lb....Vj......G..PA.#S...~..*..{0gG.d......G@.Iu..Z..7.,.`.."tS.....K-f9.4...Q.d.p.lh.BF9)TBSJB............v4.0.30319......`...(...#~..........#Strings....0.......#GUID...@.......#Blob......................3..................................................P...X.P...p.....p.......v...V.....z.....).......1.....1...?...........>...............................P...........

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Numerics.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):329904
                                                                                                                              Entropy (8bit):6.651987139019094
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:9fX7UgK2Ufyr61EFM8Sx/mPue+GQV5iDIt9d+IKcNV:ZX7STfyr61KcUsV5i8t9d+UH
                                                                                                                              MD5:1A5432DE7EACAA598124AA7D935FA3A3
                                                                                                                              SHA1:2A7EAD5FAFF17740A8CD5EA08446C6129AAC2D19
                                                                                                                              SHA-256:367A654BACC1E16E11CDD0ACC685FA4CE26DDAA0F712D492E608F5B5A91D03AC
                                                                                                                              SHA-512:F95B10116CAA99098B93833A03B7F716F0A0514B29E6599A04B51A225389ADCE35D86C2408B0B1DF32D506C139D34C4CD2936426B4982A533081FB951BC1771C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@.......................................................3....`...@......@............... ......................................`n.. ........(......p...P ..p...............................................................H............text............................... ..`.data...-#.......0..................@....reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Serialization.Formatters.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):309408
                                                                                                                              Entropy (8bit):6.571225427090439
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:F6Vw42zobU9urRbqza6cnJHKBftO2IV1SW9CH3zvf:Mw4WobYuqzZcnVKBf2h9S3zn
                                                                                                                              MD5:893E610A9F9E28159C23FF8BA54D271D
                                                                                                                              SHA1:E1144C9DB2B6EFBAE2823E0350D75417E78CA8A2
                                                                                                                              SHA-256:8392178057D73C58781BD18AC85A3521BA674EC97DB0C081339872F6C8227E4A
                                                                                                                              SHA-512:F7F7756A4D124850005690021FE46869FC63806DE74AA6F1A54E4CD959284F539791BB8872DD323F34C4B93EA9A737B4868F0307E1CC86A58AAB0B21A16A9C52
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....e ..........." ..... ...`............................................................`...@......@............... ......................................|i..`........(...........#..p...............................................................H............text...+........ .................. ..`.data.../N...0...P...0..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Serialization.Json.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16136
                                                                                                                              Entropy (8bit):6.736181843875815
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:B+2sVWb7zidB5WQ2Tb2HRN7GyMcTR9z9v9KX:B+2sW3idB/2/iGAV9zV9KX
                                                                                                                              MD5:9767075178E10E454F31F63605938FB6
                                                                                                                              SHA1:EF452A84FC214F85847966B569781D08B9A52D46
                                                                                                                              SHA-256:8EDD354349FB531EE2521368ACECA44F51F8226708E997E4AAA8B68C841895E9
                                                                                                                              SHA-512:1F1F0E104A597CDFD72537AAF044762F9E534713EBA8AA50C36A9E6124F391A4F94293E7EC4EC587DAE767C40B326FE452D4FEE862B58EA104E095400B83BA6A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T............."!..0..............*... ........@.. ..............................0`....`.................................S*..X....@...................)...`......L)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H........ ..|...................P ......................................V..dz..%...>u.T\*..ua..V.L.ON..(ic..m...)...f..4.HJ.....f...`<...=..%UQ..4C.er..{h._.......]....# .?.@.".w.m.]t..*.....W"BSJB............v4.0.30319......`.......#~..x...d...#Strings............#GUID...........#Blob......................3............................................................3...........^.......O.....O...a.....w.O.....O.....O...w.O.....O.....O...G.O...I.........................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Serialization.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39184
                                                                                                                              Entropy (8bit):5.1480444428993035
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:3HWFxz4JBrWP8yIHkhFHE0ue4q+k+ars69R9pnUkO2akIGt6HHDPax14JhXtTb2q:3q14JBGz9Dsw9pnshzF/ikaFT9z+D
                                                                                                                              MD5:F652F11CDC9E387477924210841F5E9D
                                                                                                                              SHA1:32521AEE2A3E9BEDE6FD99F0651137076646618C
                                                                                                                              SHA-256:8208B4E72F00738470329F115BD4135D7B8C52109FBF0E9DA0B009B61814B819
                                                                                                                              SHA-512:4ABA8599C9BBC1D146DC26F5465A93CFF7D55A97A915CB27B84C648BF1D5EB0A16E791E979EBEB3B7762FF3F1946E436F603A2AFB003813E792BC693DD9BCFD6
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...In............" .....@... ...............................................p............`...@......@............... ...............................................p...)...`..,.......p...............................................................H............text....=.......@.................. ..`.data........P.......P..............@....reloc..,....`.......`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Serialization.Xml.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17056
                                                                                                                              Entropy (8bit):6.660465679095992
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:qkrZI8NH9MWsQzBBBgWcMTb2HRN7eY/6fR9z+mEp03:qkrZI8NH9imBBB2M/ie/9zhE63
                                                                                                                              MD5:FEC73417C4EE1B4E3CC05BD9CC0DCB11
                                                                                                                              SHA1:CBCEA6E3540DD266B5A6BF159FCC51B53ACAC5B2
                                                                                                                              SHA-256:C5EC9AA7CE203FC43FC5B6B576FC5A30265F89CDC8FBAAAD92502B86CFFCB49B
                                                                                                                              SHA-512:BFEF86CC8D466589969A307C582A667FF19E38F87EB3DB125BC2EBD40610F4430EB5E3BEB0283B1EEA2B28125B086044465B68B184CA4F610352DCB571EE58E2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=............"!..0.................. ........@.. ..............................[Q....`.................................M...N....@...................(...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H........ ..x...................P .........................................[...AZN..}.......|w...No....\.^,8..>....1..R......L....J.o..,.8.o...87S.,.Wu..kE.!M.]..pu.F.;.b*.[.....?.8.}G..8..61.R.#..BSJB............v4.0.30319......`.......#~..........#Strings............#GUID...........#Blob......................3................................"...........................W.a...............=.............Q.........R.......................9.....k.....m...................A.....

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.Serialization.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17160
                                                                                                                              Entropy (8bit):6.6799098911529144
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:J6Xu2tNCj8NSJLWg1z14BHWvoTb2HRN7M2IR9zgCl2:sXNtNCj8NsPp14Bmo/ivU9zJl2
                                                                                                                              MD5:E797B2DBC74011D2838319A799836C49
                                                                                                                              SHA1:18611D1B34486CAD2703F6906D4F8C64DB175FF6
                                                                                                                              SHA-256:FC0AF34884C70F6B201028CC0127DA2A85CBAE874B6B1AE0C85C6E5BB6015DF6
                                                                                                                              SHA-512:8F31C047EEE4B6086C5F8AEA3CE3A5E4AACF0E1F52B370D3023F336400086660EEB2004A5F8265F8855BF400FDC6C6FEE6B5B4523A22A5505E30DA5B5DE7FB01
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....}*..........." ..0............../... ...@....... ..............................F.....`.................................u/..O....@...................)...`......|...T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3..................................................~...<.~.....S...........Z...a.;...{.;.........#.;.....;...0.;.....;.....;.....;.....;.................3.....3.....3...).3...1.3...9.3...A.3...I.3...Q.3...Y.3...a.3...i.3...q.3...y.3.......:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Runtime.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):43680
                                                                                                                              Entropy (8bit):5.839762120705892
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:D+1fsSED2vCeDQvRzXB3gWql6375IVxedktN7xPBhwsR/JG39QRoNvsh2JcfoDLa:9B/LuYdy50b4b7RSHrAOxi1XzD
                                                                                                                              MD5:52B14397705282EB85AAE70F7634E8CB
                                                                                                                              SHA1:F422BCD8F4DF69DDCAE947AFFAB02BD07CA22057
                                                                                                                              SHA-256:D9F6D328966B88E463F978CE05AE5794693560365D91E9C5D30A9722E0946E75
                                                                                                                              SHA-512:6B2C8B8A9B9DFBFBE93E05E0246C3B61B8DC064188246114210C7A7B7C9CFA0BBC8D87D67DA886549AA34041A37C2A5BD561E56DF0D1C6489C0C3449E8044136
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0..x.............. ........@.. ....................................`.....................................Z.......T................(..............T............................................ ............... ..H............text....w... ...x.................. ..`.rsrc...T............z..............@..@.reloc..............................@..B.......................H........ ...u..................P .......................................Bk..qC..<...Z..@.lB..z.5....,s...."...M *....m.....Be:l=5......Z...9g..|.l...o4.]7.t$Q.jz=.Z.-.w..i..J....HI..c~Hu.....BSJB............v4.0.30319......`....2..#~...2..T@..#Strings....<s......#GUID...Ls......#Blob......................3................................{......#...........6..`..6....m6..(7....4.. .....%.....%....m#.....6...!.6..&..%.....%.....%..s..%.....%.....%.....%.....6..........

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.AccessControl.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):231584
                                                                                                                              Entropy (8bit):6.490937872753735
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:m3jkLDgwDow9j0rKu8bmb3KD/L8V8/6Xe9QF+wVkjox7rteBvGA/+PXbt4:mogwDow9A4bmrA/mt7CWfq
                                                                                                                              MD5:85916CD7FC79CDFC8D8D28881D92D571
                                                                                                                              SHA1:425E16B2ED3A70D589D89953D5B4B65A9E7DDB1F
                                                                                                                              SHA-256:F8E7CCFB0AA9E134BDADDA059E42C4B08168BFCADC355DB64CC3E58E97262EA5
                                                                                                                              SHA-512:BCDC576B0F6F04E6177AFB08F99966FC4D8B0302639D1824ADF86D63C518C8A6712CE325E3DBC709C4D3175373610463344DB8620FA78F6C3101293934208A12
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@...............................................`......-.....`...@......@............... .......................................U..t....`...(...P..H...P ..p...............................................................H............text...S........................... ..`.data....$... ...0... ..............@....reloc..H....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Claims.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):100512
                                                                                                                              Entropy (8bit):5.9608907347122715
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:etzAGiKzKsXnTOShX+bX5SHuDQp6O/UExOQwQ7rzUU3q2bP6NLrSjlV+i5zm:etfnXSSV+bJSHu6D0XSJVfK
                                                                                                                              MD5:55AD4A7BA85021342023100D90522435
                                                                                                                              SHA1:17894B2F75CDC2ABAC836A3A99A12B0815E635E3
                                                                                                                              SHA-256:D3C8D076DFB4416B025BEC3D8A787D24F8F1CF9A58A76395BF26B9F930325A46
                                                                                                                              SHA-512:3C599750CB40F543BD21C3426100F6747866632326D37DCCFB8D61FA53B043DAEEA863416B69C4218E901F32064294961E0B12757AD96F2AA592E60AAB4AEBBA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....W............" .....0... ...............................................`............`...@......@............... ......................................p+.......`...(...P..8...@...p...............................................................H............text...|#.......0.................. ..`.data...{....@.......@..............@....reloc..8....P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.Algorithms.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17584
                                                                                                                              Entropy (8bit):6.607947945589768
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:1h63EqtxAHdwWXzmBWoQ3WT56Os1HnhWgN7aIWfLegowcLK+X01k9z3AeGoGczz3:y0qXQdwWXzmBWO5kHRN7u96R9zuoG2z3
                                                                                                                              MD5:BEE304668AC2DCDCC7E0E3EE2C11E19B
                                                                                                                              SHA1:AF87B5FA03D82CDC56B0F660C18A677B85F9309E
                                                                                                                              SHA-256:0E39FBD719BA69BC14DFA6D56B4DDEA1112666A6340B607E9EB8E964EE08842F
                                                                                                                              SHA-512:4B32E606609ABD7A5B84208C2CBFAD35E4010BF37CF986FEFDA39D16F4A21D1C1886B4A933CD9E96676418C12C88174207BB6499754D8E1AD26C7F9B3A1816D3
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>.I..........." ..0.............R0... ...@....... ....................................`................................../..O....@...................(...`..........T............................................ ............... ..H............text...X.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................30......H.......P .. ...................p.......................................BSJB............v4.0.30319......l.......#~..t.......#Strings....|.......#US.........#GUID...........#Blob......................3................................>...........................?.....6.....j.....%.d.....d...U.M...k.d...:.d.....d.....d.....d...!.d...S.d.....H...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.Cng.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16544
                                                                                                                              Entropy (8bit):6.699258710307259
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:XEHcMWAzEfWTTb2HRN7WkvODX+iR9z34KQ8:U8UE4/iWPDuO9zIE
                                                                                                                              MD5:AF4D33920EDE2FC6B68CDEA31C6CD4BB
                                                                                                                              SHA1:48798B470C25C43C8AF0CE20530CE3D9EBC2760C
                                                                                                                              SHA-256:55779460F2D4F3FF559A2028A38EDFFC61B1E3C4AC913CF6CE53AFF10F67F1CC
                                                                                                                              SHA-512:B4ECB6C4F59D3D3951FC09FC5A07DCA1AFDEADB5CD538B1D4BFDA217723EE28DEB154D642F0C6F4B7D7769FB82B2A3C6F421459634D18DC392C37152AA69D505
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T+............" ..0..............,... ...@....... ...............................W....`..................................,..O....@...................(...`.......+..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................,......H.......P ...................... +......................................BSJB............v4.0.30319......l...<...#~..........#Strings....0.......#US.4.......#GUID...D.......#Blob......................3......................................d.........J.!.....!.........A.......J...n.....,.........................................j.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.Csp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.773569536481858
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:WbUTpW2zKtWWTb2HRN7QOatHNsAR9zaMgaaL:WbUbKb/igts89z/gzL
                                                                                                                              MD5:58242338039FAE5522B1A8A90F090345
                                                                                                                              SHA1:DD5E7BED04FBED9A1D5D96683DBB7B5C93F13CB6
                                                                                                                              SHA-256:3C7F81DF80CDA036C9A1B71FCC3C36DFC3C1ED81620205B9FCD1152987E6743E
                                                                                                                              SHA-512:8F24A79801B60E14ED019E2CF6B4FFE17973D4E0A00FFEA5B5C257E359CDF75A5581427CD9197F57750E8719A822363E0B64CD1A0A37AE3B965B5A3063B38A11
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...beE..........." ..0..............+... ...@....... ....................................`.................................}+..O....@...................(...`......|*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID... .......#Blob......................3......................................................x.....3.n.........^.................I....._.................w.................G...................h.....h.....h...).h...1.h...9.h...A.h...I.h...Q.h...Y.h...a.h...i.h...q.h...y.h.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.Encoding.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16160
                                                                                                                              Entropy (8bit):6.747312736768612
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:FrhZf8V1zouxAYWoz3WWo4eH3WT56Os1HnhWgN7akWfDfiM49yttuX01k9z3Au5m:QzoU/Woz3WW9F5kHRN7gntSR9z9
                                                                                                                              MD5:B6C5786CE016ED4CF2F09F2B293406CC
                                                                                                                              SHA1:F332293CAD5B2D32ED26037263D06AB813DD06AF
                                                                                                                              SHA-256:6D4908BBFBB7574C2D0193A0A5633629F4B9DF0E691FE6A2566399430CEDDA66
                                                                                                                              SHA-512:26BFD415A1262158784617C1F9DE83FD247A924B0BD11FCA3BD6FF7285010846ACD97F77815BE64A4F2587B13BB1B75BA0CC4B6DBD0A8C00B7AF457F538A7369
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V............." ..0..............*... ...@....... ..............................o.....`.................................s*..O....@.................. )...`......h)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...L...#~......<...#Strings............#US.........#GUID...........#Blob......................3................................................ ...........^.................D.d.....d...t.7.....d...Y.d.....d.....d.....d...@.d...r.d.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.OpenSsl.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15624
                                                                                                                              Entropy (8bit):6.839198619278065
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:KzixAAO9WATz3ijRWoITuWXebPpUNTQHnhWgN7agWaoMKDUX01k9z3AvHzZEC:x5O9WATz3ijRWZTTb2HRN7JnpR9zQHND
                                                                                                                              MD5:10E4569BD3D56E5CAA906CA3442E2B22
                                                                                                                              SHA1:879B5D1E81D772979E1AE3EE69901ADD389FAA48
                                                                                                                              SHA-256:8807C01961CD6755B4C9DBF7DDD9C80D96D4C8EFE782BBAD2361238F74C36A96
                                                                                                                              SHA-512:9416609A8F7997C3AD632A2FFEB8FD7E3C1D57D9BC25832F638BFB96BB2BC9A97BD6479FCFD544B7207195A3F300F1FF37BD2F9380EAA73E49392E611F868957
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............)... ...@....... ....................................`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..X.......#Strings.... .......#US.$.......#GUID...4.......#Blob......................3..................................................|.....|...E.i.........p.....+.Q.....Q...[.J...q.Q...@.Q.....Q.....Q.....Q...'.Q...Y.Q.................c.....c.....c...).c...1.c...9.c...A.c...I.c...Q.c...Y.c...a.c...i.c...q.c...y.c.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.Primitives.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16048
                                                                                                                              Entropy (8bit):6.766477839646991
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Tf5zWxz83Wll5kHRN75sX/6fR9z+mE6Ri:75Q8KUOg9zhE6o
                                                                                                                              MD5:4665C9CB8AA3108A840D780D6569D754
                                                                                                                              SHA1:1AB42F1170CAE92669BF34AE40117A3A36131DC3
                                                                                                                              SHA-256:AEDE9AD608E5179EBF776A4933514DB0D75C5FBBD384E3F2AE1F9A9924E65DCA
                                                                                                                              SHA-512:C92900110E6AC0C10451E2DF687014C34BA561A2C2B7495FE4A5C462A79AB138A45942DC2029DFD61DAFE2C50734BF9C724F3E9182E496D350CABBCFB842A983
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....F..........." ..0.............v+... ...@....... ....................................`.................................#+..O....@...................(...`.......*..T............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................W+......H.......P ..D....................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................................4...........r.................X.............(.........m.......................T.........................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.X509Certificates.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17168
                                                                                                                              Entropy (8bit):6.738910064993016
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:UdHzocoaWrzkfWjTb2HRN7HeNbZR9z8s5:Mzo9jks/iHeFT9zR
                                                                                                                              MD5:676DC921A57820177CC650F2F948DB68
                                                                                                                              SHA1:C1690CC90F8E09D78BACF06D062675F4265ECCE1
                                                                                                                              SHA-256:0D0BD9D6E6D3C0A3A6449DABF1BE480CA20016EC2E565DA78297458B43B56E55
                                                                                                                              SHA-512:EDD5F97506B41DFB464DABA66722B38278DC47C2E8C44022694C839DFB63E3BB9E77AFF11B614CA37A08704219AE34CFE006AEB6FFD075813F00791EBCB57BBA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...D~............" ..0............../... ...@....... ....................................`.................................s/..O....@..D................)...`......X...T............................................ ............... ..H............text........ ...................... ..`.rsrc...D....@......................@..@.reloc.......`......................@..B................./......H.......P .......................-......................................BSJB............v4.0.30319......l.......#~......T...#Strings............#US.........#GUID...........#Blob......................3................................-.....r...............'...................X.....k.....k...........k.....k...i.k...&.k...C.k.....k.....k.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Cryptography.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2046128
                                                                                                                              Entropy (8bit):6.682917517073827
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:OnzW/YBGjvmNPFt+IznN83W5WASapd1PRwPWrFxmBeiVFyNcuo2AP:SjRNPF9zNEidFxmBeUw6Kq
                                                                                                                              MD5:5BF6B977FEAE2FF4DE47614C32474557
                                                                                                                              SHA1:D83E3094C96AADA9BFAB6529D3D674E2B9A22936
                                                                                                                              SHA-256:AA6A5B21846CB5B1D7E26E0499F1967384966FED0927AE1F4BD6E5614B77B9C5
                                                                                                                              SHA-512:EA578B675EAAA309F1722DA66826F01AF74BA7F9DC0844C82FFD8114C06097C5BD4A51A0DF28A89D285F1D066F66E0DA3BDB86395E4541BFEC45CCF6719886D1
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...S............." .....P...............................................................`...@......@............... ......................................T...L........(......x...8...p...............................................................H............text....N.......P.................. ..`.data........`.......`..............@....reloc..x........ ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Principal.Windows.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):186656
                                                                                                                              Entropy (8bit):6.4163769699028395
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:fPyw4khyyyLNMWWqfY8SJYrjXQori1H9E2TOK1xguZhT:fjEyyKSA86YrkoryE2rfj7
                                                                                                                              MD5:95D6D13CDAB6A59216B6752C1899E616
                                                                                                                              SHA1:186BE9759045BB2767ABCDED115E55FB7657E4C4
                                                                                                                              SHA-256:1F57E950E015D243F65D74E09A90063BFECE7B82F5270647098AD39C36D01E24
                                                                                                                              SHA-512:5E9A33EA1A6DDA5DDBF4F9EF4738FA3792E8F5AD7DDB190CDAC97B1AB9626A38297C2CF009EFB0BB7CE6D420708C050873E1F822A867183F1C2151AB0AE0F19C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...O............." .....`...@......................................................@.....`...@......@............... .......................................N.......... )..........h...p...............................................................H............text....T.......`.................. ..`.data....&...p...0...p..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.Principal.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15632
                                                                                                                              Entropy (8bit):6.791903753849684
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:NB0LPxATS3jWVdz0fWoruWXebPpUNTQHnhWgN7akWhZY00pyEuX01k9z3AFdOI6+:wL5uYWvz0fWITb2HRN7yEpcR9zyddF
                                                                                                                              MD5:03D0862CD26A77B9F0BE721E2671E2AE
                                                                                                                              SHA1:806BC9D228D729D5DC18D7406E41EC4DD3CADE53
                                                                                                                              SHA-256:DB3404B57EA84F787C34CFBECA076A090661BBE3268527C82BB4AEE29720B27A
                                                                                                                              SHA-512:FE781BC733461C38F0AC55DD60EC74EDA34650CF6ACDE04BA30714B74B2C76CF5D0E2663578401532946F65BB0C0196B510D4EBA7B7EAD5D36355DEC6BCE84EC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...../..........." ..0.............j)... ...@....... ..............................j.....`..................................)..O....@...................)...`......$(..T............................................ ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................K)......H.......P ..T....................'......................................BSJB............v4.0.30319......l.......#~..4.......#Strings............#US.........#GUID...........#Blob......................3..................................................=...x.=...3.*...].....^.................I....._.................w.................G...................$.....$.....$...).$...1.$...9.$...A.$...I.$...Q.$...Y.$...a.$...i.$...q.$...y.$.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.SecureString.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15632
                                                                                                                              Entropy (8bit):6.815324029386427
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:81ww06AWEz83WHTb2HRN7m0XEpcR9zydzA:MwL8Q/im0XEpw9z+E
                                                                                                                              MD5:B392DAE241B8DDEE652F76EA5E3D32F9
                                                                                                                              SHA1:11EAF3ECD4B72C26BB81B3347C928D6B0E234875
                                                                                                                              SHA-256:580D3D48BED7E38AB1E726B95E08FB74487963F2BA51766B1DC4AFC014836D03
                                                                                                                              SHA-512:CF87DB9E5D698BCC3A7341D9DF0121A02B092595A74790D4250C2CD7DB0970C406B2DD1A510B3A226418EBEDAA97FDC9B9CB79695A29488FA3E800C0B8FB870E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....9..........." ..0..............)... ...@....... ....................................`..................................)..O....@...................)...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P .......................(......................................BSJB............v4.0.30319......l.......#~..D.......#Strings............#US.........#GUID...$.......#Blob......................3............................................................3.Z.........^.......B.....B...n.;.....m.....m.....B...S.B.....B...w.B.....B...:.B...G.B.................T.....T.....T...).T...1.T...9.T...A.T...Q.T. .Y.T...a.T...i.T...q.T...y.T.....T.....T.......................#.....+.

                                                                                                                              C:\Program Files\WasabiWallet\System.Security.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18592
                                                                                                                              Entropy (8bit):6.510882441137823
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:tI2A3WVzwDWRTb2HRN7wx/6fR9z+mEV+3:tI2AIwG/iwC9zhEV+3
                                                                                                                              MD5:3F2093C652C50503268752C500143A0C
                                                                                                                              SHA1:8DD70CC0CF2F7BCB87B577AC3A4982ACAC5CA829
                                                                                                                              SHA-256:7DA16CEFE259AD6AE992CB708C85DC75ED8110454E7832E9D97537BD099BEF29
                                                                                                                              SHA-512:783FE416305BFC0B3C1923EB8EB4E3048E0D8803912AEDF57E3F1CF73B34F4D99B395C5B036B2FAE1A96160FA3F0712EC42E061BB6B1F2A6821754A8943507C1
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............4... ...@....... ..............................v<....`..................................3..O....@..T............ ...(...`.......2..T............................................ ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................3......H.......P ......................P2......................................BSJB............v4.0.30319......l...H...#~..........#Strings....h.......#US.l.......#GUID...|.......#Blob......................3................................O.....................0...........3.......x..... ..... ........... ..... ...r. ..... ...*. ..... ..... .................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.ServiceModel.Web.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17160
                                                                                                                              Entropy (8bit):6.645359936461547
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:53n7pwp7W/zu5WoVPUuWXebPpUNTQHnhWgN7agWFjKDUX01k9z3AvHzZEwr9:hW7W/zu5W8cTb2HRN7mpR9zQHNbZ
                                                                                                                              MD5:B26ECB8CD021B995DF4D99711A319FBE
                                                                                                                              SHA1:30390DF2CB911BEA12D0CBB017417802BB152B39
                                                                                                                              SHA-256:A3E2230F74EFA5C2BA0CFD89AE3399EC1AFF3421C3C8E349EEAD1E1AA33950D6
                                                                                                                              SHA-512:E3941B99918FDBD7BD320267E9D483E9EB2061E449DCB2083A2A56C566152BD19287D6BF1686C88FEFCAC6106041EFCE017F367A064165582CE0404AA3E5ABF1
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:y..........." ..0.................. ...@....... ....................................`.................................7...O....@...................)...`......H-..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................k.......H.......P ..x....................,......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................&.....................?.................%.].....................&.................>.....[...................{...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.ServiceProcess.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16144
                                                                                                                              Entropy (8bit):6.754524230139818
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:XN+O5xAZpWnvzwlpFWoquWXebPpUNTQHnhWgN7akW1HcyttuX01k9z3Au5mbMkaO:9/QpWnvzwlpFW1Tb2HRN7QSR9z9wbz
                                                                                                                              MD5:0D2323D1265B98A7E3599F82D4E9EB58
                                                                                                                              SHA1:447F3B0E69496E60AA767A46899079AE01153696
                                                                                                                              SHA-256:6FCD6E7062C1D6730237162ABD87A10F7E198A9B72C51CEA7B35AB65966D279D
                                                                                                                              SHA-512:98038964DF507B526A7E767B95DB148C04E45DB2FA481A48CDDBDCC61596153B37A579E01B419BBE736A1556D074332677A5D02625F8FE7C4AE559A4403C1F36
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............+... ...@....... ....................................`.................................;+..O....@...................)...`......P*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................o+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3......................................!.........f...........\.....:...........B.^...H.^.....;.....^.....^...+.^.....^.....^.....^...p.^.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Text.Encoding.CodePages.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):862496
                                                                                                                              Entropy (8bit):7.457060225345807
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:yf7xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rP2YBKgTWec:yD9km6k/IwRYbiBeKGChYTyX
                                                                                                                              MD5:E025F10C2D7AA67E9BAF1F3AD87A26BE
                                                                                                                              SHA1:660C6E505FB7429103236B78D12BB77B3341ADC8
                                                                                                                              SHA-256:0127E1F3275F4852E604EF968CCE0C24187B39301765F88C7130CA77999E3BD7
                                                                                                                              SHA-512:705F9B4ACFE3FB0F2E1CBB11F64C2B3D673E1ED29FCF174FF214C1BCBA6AE46B8F6D01BA8FA23EA37143ECE21413EB3D746ACBDA214C5455E4834FFBD33E8DB3
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........@............................................................`...@......@............... .......................................B..p....... )......<...8...p...............................................................H............text............................... ..`.data...`!.......0..................@....reloc..<...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Text.Encoding.Extensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16160
                                                                                                                              Entropy (8bit):6.72732167982915
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:WmXhpu4xNWnzeJWogO3WT56Os1HnhWgN7akWf35yttuX01k9z3Au5vJv:Vx3NWnzeJWVf5kHRN7DSR9z9pJ
                                                                                                                              MD5:7356A0C3D4DBF74AB54F86DA4EC30085
                                                                                                                              SHA1:57293A4FF7F6777C1869809673AD20627339FF3C
                                                                                                                              SHA-256:A953FAE1A01E95BCACA3EE19D861EFEAED3D06699DF22AB337DF885B72C2C73F
                                                                                                                              SHA-512:1ECB3DF1A32F2500A59DD46E5461FC5215F062103B616265C6E1716EA263079032815E2625DA6122663D0D283A6C1799C2502FC24DEA83931976A020E389F61D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"!..0.............N*... ........@.. ...............................h....`..................................)..L....@.................. )...`.......(..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0*......H........ ..,...................P ......................................v.o.aH`.A.E..M...>:E....Xc.c.].......[7@ti>m?.b...F-.Z.gn..h.6.......>...#..Q.. 1...u..d..d...eP..i...&..p.e.........+..z).BSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................O........."...........;...........f.!...!.z.....z.....s.........;.......z...[.z.....z.....z.....z...B.z...O.z...v.............

                                                                                                                              C:\Program Files\WasabiWallet\System.Text.Encoding.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16048
                                                                                                                              Entropy (8bit):6.703928078674984
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:EzkexATWKzKNWo73WT56Os1HnhWgN7aIWfRwBr6I8HNsAX01k9z3Aq8Q8:SMWKzKNW15kHRN7jBr6tHNsAR9zaQ8
                                                                                                                              MD5:ADCFBFAE14B660CDBBFF3AA8C2489ADB
                                                                                                                              SHA1:EA8AD6FD69B7DAA2EDCB268227C744168E13215E
                                                                                                                              SHA-256:709DB1A3179474614788A23DE356471EA40ECD9D043D5FBB76378DC571551038
                                                                                                                              SHA-512:6AB0EFE826AFA06CD6A7CE3DF59E6A6D3F752F8A7160E6DDE0E31DD367303A895821F2EFA2616360591A77AD2E5A92993E5DE92E18070521F99AF19A7DE41527
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|.8..........." ..0..............*... ...@....... ..............................p.....`.................................a*..O....@...................(...`......x)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...T...#~......T...#Strings............#US.........#GUID...(.......#Blob......................3......................................M...............x.....3.....7.....^.......m.....m...I.f..._.m.....m.....m...w.m.....m.....m...G.m.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Text.Encodings.Web.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):133392
                                                                                                                              Entropy (8bit):6.119902375830082
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:BJGTUj37ykm3E5T+zpq5D3lhjdPTp8K76+d05Hzdy+NXPNpm4+SqUIiBTzJ:BJGTUqx3E16qvZ5N77uLLNfNkSqUJTd
                                                                                                                              MD5:466E3FE8077B458B995DB2BA0B8B7CB3
                                                                                                                              SHA1:5947B6BE4759540AEB285DE49CACC753814F8593
                                                                                                                              SHA-256:6178960478D7855288723B3DBEE87F30867C9A50B2B5546D403ECA90230E1D0F
                                                                                                                              SHA-512:B928EC1CFBD03B8BB16686F3DF06F3704DEBC279B6C368E33EE3D04A1E06262DAE81F4A7CD518E9DBD40B63364C73FCB7044E127C432CB17586792E61F9ED4EC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Z[E..........." ......... ............................................................`...@......@............... ......................................|-..X........).......... ...p...............................................................H............text.............................. ..`.data...}...........................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Text.Json.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1501456
                                                                                                                              Entropy (8bit):6.704759452676108
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:VntHr/9NQZFz4EfTqyFimy8JRzMIS0DNLt8feHA378Uproafpy:jLr8zdfTqyFimvz/S98Ui
                                                                                                                              MD5:E3BB4BC932BBF7569A5A0AC7E0618C92
                                                                                                                              SHA1:49436C040D448EC705A12E19C81FA408495D9BF9
                                                                                                                              SHA-256:0AA418BF163577906FF5ADB1B2EFF9292E5358436919405D9377BBF845F62474
                                                                                                                              SHA-512:C5210D03BC359DC9E9D397B0155F7754E6D66F1B1B6369909A22FA0F19497F7E659C15B767754C9E533E1164825D7EE93EC8AB274168843661D331F6FDB2B7FA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....0................................................................`...@......@............... ...................................................)...........R..p...............................................................H............text...7&.......0.................. ..`.data...FQ...@...`...@..............@....reloc........... ..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Text.RegularExpressions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1022112
                                                                                                                              Entropy (8bit):6.821415753609002
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:IPNtm21Go9Fz7KPTT8inDiv67tA2ehjEnQKL:A1G457KLTRivKehjg7
                                                                                                                              MD5:3E5EA1726FD12BECF49BD88AA322177D
                                                                                                                              SHA1:A9204800864FFBAA98413D265B99AD6765281832
                                                                                                                              SHA-256:1002F3526B1811921B69CF43C3134BA0C21D4E52859F250C46F7DB3DD2C91FD5
                                                                                                                              SHA-512:9A9653C2C5BD28AC6534DFBDC9DDCB97437096AF8F3FD625C2F7AB09344CF4140E4C73CB6227BDB02403B7EB10C255DC6BD2D08014C452A3D02B6067988ED216
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .........P...............................................p............`...@......@............... ...........................................G...p...(...P......h...p...............................................................H............text............................... ..`.data....)... ...0... ..............@....reloc.......P... ...P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Channels.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):133280
                                                                                                                              Entropy (8bit):6.275466907241627
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:/Ka3t+/kPS+F3g2vlsEjd2fzs6FlsdJQ/WoioI03cBPdzkiOzD:/Ka3tYkKQQQmEjd2ZFli6/riePP
                                                                                                                              MD5:22E5F8B26FA9C7EB48F1E45FC7F0C1A0
                                                                                                                              SHA1:CEBE2B8F6DFA838A082729E4993E12F6EB16BC8F
                                                                                                                              SHA-256:B9AA7198E24BD2495A08474D51CDB1E625FB75BC366D96590C7ED5317C185AE5
                                                                                                                              SHA-512:33A542E69F80E2AF6E5E5BCDD9FE8427B1843C44B202E1725206DA003CCA956AC3DC0D5262F5E4FC84ACAF1AB44551452046A8E138A3D322DC60F4981DDA7BBB
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....v..........." .........@......................................................K,....`...@......@............... ......................................L7...........(..............p...............................................................H............text.............................. ..`.data....#.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Overlapped.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.724206590536904
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:uHYCHHcHdH8H2WFzMHWZTb2HRN7TjmT/6fR9z+mE/X:aBM+/iTCc9zhE/X
                                                                                                                              MD5:01C28345DA853DAFA6FB45F0C51BCF8A
                                                                                                                              SHA1:A8CD01C6C6EFFCCAEBA4343F47D0D4018A8DC40F
                                                                                                                              SHA-256:3D43F5448A09F99D3A9380DF1CB4B4706337A333B087AF18B50B631D9D807611
                                                                                                                              SHA-512:E77B39BEA4029219B04271F28B94E9A74A7EA9F1CEAA37DF216DE41F6D143D164C14613202B5325061F3309387718C941C5E95F259E27268E9DF3AC82C10B909
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ac............"!..0..............*... ........@.. ....................................`.................................;*..P....@...................(...`......@)..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p*......H........ ..p...................P ............................................)..G.#.&0b......hH....5.{D......a..]..N....|..c.k..Q..+K..)`';%l.;....Z.".....9..c.@..uK..aM:w.._~j/A.7..}...$.....O.}BSJB............v4.0.30319......`.......#~..p...H...#Strings............#GUID...........#Blob......................3......................................................4...........7.......c...{.....V.............c...t.....}.................9.....................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Tasks.Dataflow.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):489632
                                                                                                                              Entropy (8bit):6.7026601139596
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:bSjAH/3N4YHIsAvpYJeF1rUQ5v3IFu4DXglLq:EY/Gdzsw1rUQ5vYFucXglLq
                                                                                                                              MD5:74B9147A1EA314AB03987501BBF3E888
                                                                                                                              SHA1:4BC873051FE85C96F629BBA4D2EAF32214C7A0A0
                                                                                                                              SHA-256:F8EFB98D1F009454F5A6BAD3A81E58E4D9CBF1EC1B283AE30360D0807C4B592B
                                                                                                                              SHA-512:9CA98C5C4F55B9B46EB86E2B483775F1AA9BB702D829DA4DD6CF932146C08F9A8127646ECFF5CBBC62FA33299032991FA1F42A61F6FC82DD9D3D822F0F73CD07
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" .........................................................P......S.....`...@......@............... ..................................h...`....1...P...(...@......`"..p...........................................................h...H............text....v.......................... ..`.data...i...........................@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Tasks.Extensions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16144
                                                                                                                              Entropy (8bit):6.770768371195947
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:6CVT05B091ncmSGf8Wfz8XWaTb2HRN7XP4SR9z9N:dVAMn8N/iXP4e9zX
                                                                                                                              MD5:4A87637BCE0F21F410B295AE80F4205A
                                                                                                                              SHA1:ACBF68A017C55435B78BBB78CF5FB1B6197714AB
                                                                                                                              SHA-256:112F3C2779FC97D30FEA4033781686377BE116EE378467B7C328C35FA74D2279
                                                                                                                              SHA-512:6A131DB59A8E4346F5A0AAA9203257B82E640F5F0DB3B7221299D1BBAE990858BCFAC142917DC622A31804DB267DAB7F13277B8AD3DD5785E7A359B521FA9000
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...V2>..........." ..0.............V+... ...@....... ..............................TS....`..................................+..O....@...................)...`.......*..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................7+......H.......P ..0....................)......................................BSJB............v4.0.30319......l...d...#~..........#Strings............#US.........#GUID...........#Blob......................3......................................s...............1...........A.......O.................................W...........1...................p...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Tasks.Parallel.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):133384
                                                                                                                              Entropy (8bit):6.343473846133708
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:F/0CkyW0glfG6WVKdrhYnS+5On3kg9BEcrVP9kjs:FgyWxI6WVKVhjccrVPOg
                                                                                                                              MD5:F8120073B73BB084177A2E7761F328DA
                                                                                                                              SHA1:FDAF9FAD201CF8ED2AE3A04675F924389486DC7F
                                                                                                                              SHA-256:7E7077F70244A4FC001F1BF0BC378DF599EB47ECDCC30632EA6C4805037817E8
                                                                                                                              SHA-512:28601F235E08F50FB4C8F1D4364A8272D121BB00416644A81288103ABF9021C5A84CCE4BA13DA0356C72A72362D651126DCAEB2E2C382F72B17440297D7794BD
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....A..........." .........@............................................................`...@......@............... ......................................44...........)..........@...p...............................................................H............text............................... ..`.data....$.......0..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Tasks.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17056
                                                                                                                              Entropy (8bit):6.601566729596843
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Iaf4fk3CBkoqB9v9WSzQzWJTb2HRN7ktHNsAR9zaAPB:Iaf4BOoWQy/i6ts89zH
                                                                                                                              MD5:1CBAB12C2FF2E77DC0C6010F7314CD19
                                                                                                                              SHA1:E64F33B01FE6D4D4F387F08EC98582643648F3FE
                                                                                                                              SHA-256:44464B154093D8390698232B8065EE6F99B0AF55FC8B3C8B4193B6F384F884CB
                                                                                                                              SHA-512:FA8B8EABE1A35A686F229DAC0EC909EAFA9321DF449B85239802EF3974F1197FBBF055EE386030EEA7091AEBF445BB9CBB9AC61ED08C2A6DAA07CC86D68107EC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....1............" ..0..............-... ...@....... ...............................=....`..................................-..O....@...................(...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......P ......................<,......................................BSJB............v4.0.30319......l.......#~......H...#Strings....X.......#US.\.......#GUID...l.......#Blob......................3................................&.................o...w.o...2.\.........].................H.....^.....-...........v.................F...................V.....V.....V...).V...1.V...9.V...A.V...I.V...Q.V...Y.V...a.V...i.V...q.V...y.V.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Thread.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16136
                                                                                                                              Entropy (8bit):6.759784432636061
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:nBz2Et0Z88WFz47WTwmTb2HRN7Mz12IR9zgOAw:nl1X4Wwm/ivU9zFZ
                                                                                                                              MD5:ADF197C1C2C2A9F6786BA6EFB1F1D330
                                                                                                                              SHA1:5F637C51A9DAF23879FE35B81D9E06C30722A1C4
                                                                                                                              SHA-256:8E54893D738541B6DCA1693100B1B5DDDEEE877C92630B69110B0F29423F1B41
                                                                                                                              SHA-512:3AECA1EA70AAD0E1C8A884453360C1F434861C6DC9CBFBC291E707D47DB1EB7987292BA19B3DBA344B5ED7A23E620F2CF4BEDA40D00C68BE473C63BCB4A81113
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P.3..........."!..0.............^+... ........@.. ..............................qX....`..................................+..T....@...................)...`.......*..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................@+......H........ ..D...................P .................................................a.....!.A..,.;..W......zP.....vE..8-&...)..L.T....|.-5."."......H.h...-..m.n..A#b/.&N... ...k..m.M.-.1.q..[dBSJB............v4.0.30319......`...|...#~..........#Strings............#GUID...........#Blob......................3......................................].........U.@.....@...n.....`...........T.............y...0.!...9.!.................................u.............@...........

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.ThreadPool.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16144
                                                                                                                              Entropy (8bit):6.721427941218387
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:ui926cPudWNzEvWDTb2HRN74SR9z92o7U:ugKEE/i4e9zjI
                                                                                                                              MD5:C45DD6EF1C5080E0257092708141FBE0
                                                                                                                              SHA1:A391FFCD84D820D71BF35F3EE5559D4D795D44AB
                                                                                                                              SHA-256:F3F825895EE497ABE0FB3F61431D695528E5CEB7EBEBB78F1128BECDDE935E3E
                                                                                                                              SHA-512:2A38B1AFC72ACFDC5868342152DAA6E1EB646F235D587C2ABDBBA96E1EB8054279BB46A435F5BC2A8FA4DB54145135777CFAAAA4B2AD44D8CF8E8B4A23287F0D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f..........."!..0.............N*... ........@.. ...................................`..................................)..X....@...................)...`.......(..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0*......H........ ..(...................P .............................................Y.O...n......p.!:......r..5}..s..{N..p[...9T.....0.....o...-.wT..k.....Tr4..69Qe..6hT..w<....w.aP.4...k.y&~.U........BSJB............v4.0.30319......`.......#~..`... ...#Strings............#GUID...........#Blob......................3......................................P.........7...........P...........{.....6...................................p.......................W.....d...................

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.Timer.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.757285983916306
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:SF6boqvSiMWVzbCWDTb2HRN7itHNsAR9zaNP:Loybn/iYts89zMP
                                                                                                                              MD5:3EBF50F8E7699F89F445E43FBCF99A1C
                                                                                                                              SHA1:53D95ACE5E3BC264FA365E2C6E89DE985DC8789B
                                                                                                                              SHA-256:44D9AFFB57E65C4B475409185917F7615353A2B811AB95F61118104111E4CC78
                                                                                                                              SHA-512:1543E15377515FC4045C8C257C595D0B49E4AB1438BF9F46758DC2E234165261F20B54BECF7691763636EC583A4FFFD41556BA95012E03CE1DEFB90126797F07
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....g............" ..0.............")... ...@....... ...............................X....`..................................(..O....@...................(...`.......'..T............................................ ............... ..H............text...(.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H.......P ......................`'......................................BSJB............v4.0.30319......l.......#~......d...#Strings....|.......#US.........#GUID...........#Blob......................3..................................................3...x.3...3. ...S.....^.................I....._.................w.................G...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Threading.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84128
                                                                                                                              Entropy (8bit):5.9645379992174
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:JQ/goICPT0ehImrmODZcUBeZ8j0qEHawdB3mGRm3LGgzi0zhac:JQ/go9PpmFtZ8j0qEHawdBPRYGgjtac
                                                                                                                              MD5:24F93D4E704E427CB56CF26FCF2DFFFB
                                                                                                                              SHA1:06DF34EAB64BB7ECAD9AC37327504511C5619911
                                                                                                                              SHA-256:542E7B5B448D94B14A4CCE375DC599731175FCB36566D5D306AA017F64D0D7AE
                                                                                                                              SHA-512:558954C7B6ABB8BD6395487B4FD30FDA0FA6761CFE71C44106C8C8881E444BC67D502E066AC2B983470EC2CDF8CDE0BBB420A94EAAAFFD9B0E5AB96033702DB3
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....q............" ......... ............................................... ............`...@......@............... ..................................`....'....... ...(......T...`...p...........................................................`...H............text............................... ..`.data...............................@....reloc..T...........................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Transactions.Local.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):661784
                                                                                                                              Entropy (8bit):6.674082144576681
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:SlJ5yP48Vd00bmWqQf2VQIhS3dzGpepguWC4bVUl6lJlD2EL66zP0uRZ9EL3/sxH:VPJddbmWZf2VQ9bgnzVTFD2S6Tsx91kQ
                                                                                                                              MD5:1F1D965EE816BD15B2DF7C12607FD704
                                                                                                                              SHA1:765C78D7D355EC47A2F7B4C1DA282C9731208156
                                                                                                                              SHA-256:85409D046FC8C4F3D3BBFB08E258B7B9F130CD950009E7E4B8F139257ABF88D0
                                                                                                                              SHA-512:D56BC11A074EF64C05FE01F1007DA56E0E5606282A10156930CEEDFC2252CA6B6A82C59F08E46B299526800FD4FCA23E62928DA720EAE1705BC26DF9930BC96C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." .....@................................................................`...@......@............... ......................................`...hI.......)...........4..p...............................................................H............text....5.......@.................. ..`.data.......P.......P..............@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Transactions.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16560
                                                                                                                              Entropy (8bit):6.69644767680085
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Vmw3RkW+zLiW65kHRN7EntHNsAR9za2dcJ:Vn3RWLXqts89zGJ
                                                                                                                              MD5:577418BBAC9FF53BE96D142F499FBED8
                                                                                                                              SHA1:3D99A9890B8DE281BD617E5898692A8DC34618A2
                                                                                                                              SHA-256:76E42E9C432A4E0B2D92945D1F57B587317AC58A56DE71445A3A14D271A7C4F5
                                                                                                                              SHA-512:38D36AB2DB5ED17E854AEA44E46D8FDE37762554DAD9E63E2312BEB2E698910EFF31B1BDF988AA60C43DF7EA93F411286E9795372A844363B7A6BA0FCBEC451D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.U..........." ..0..............-... ...@....... ...............................1....`..................................-..O....@..t................(...`.......,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...t....@......................@..@.reloc.......`......................@..B.................-......H.......P ......................<,......................................BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob......................3................................$.....3.........0...........D...........o.....*.1.....1.....K.....1...i.1.....1.....1.....1...P.1...X.1.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........C.....L.....k...#.t...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.ValueTuple.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15536
                                                                                                                              Entropy (8bit):6.795425997684554
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:M/hqSOy/WcznGW65kHRN7FcMDX+iR9z34KE:MZqSOAnj6MDuO9zI5
                                                                                                                              MD5:A985C507E48C4A5CB4E5C43F6E763EC3
                                                                                                                              SHA1:7A0559C24308991054BFE86863B8E63BAE29DCA6
                                                                                                                              SHA-256:B06B25514206EB8695F6DA69E2C9781F9F539F0140ABC4CA6AC5F25AFF9EE49B
                                                                                                                              SHA-512:700A0F1C0FA0647CE1FCF2B41D8E34CEAEE779F3A5E70C23D7AC8EAA36004831E8DB72C93FAA244975B2CD2595916EF40EBB9899FC54E028941CB05264CB30A6
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9............." ..0..............)... ...@....... ..............................9H....`..................................)..O....@..d................(...`.......(..T............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B.................)......H.......P ......................D(......................................BSJB............v4.0.30319......l...,...#~..........#Strings....d.......#US.h.......#GUID...x...|...#Blob......................3......................................E.......................z...........+.....b...Q.b.....[.....b.....b...4.b.....b.....b.....b.....b.....i...........t.....t.....t...).t...1.t...9.t...A.t...I.t...Q.t...Y.t...a.t...i.t...q.t...y.t.......................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Web.HttpUtility.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):59552
                                                                                                                              Entropy (8bit):5.87766315769075
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:woHvdGA98odbfSOCDVgHvwkcm7WqvC8mXiLzb:woH7qxKHoTeWQ1f
                                                                                                                              MD5:E4CB7542CE5A7DA8ABD7BF8C69B93D6A
                                                                                                                              SHA1:E4786B376DBF83712205061D390F1B1F7F8B40C7
                                                                                                                              SHA-256:1C0810C536D4FF3B5C0AD1417532F6CAE10436CE2AEC2D7296C6F8F7DF7D201F
                                                                                                                              SHA-512:38B1F5EDCF845688EC74F44CA64F7CB21DCCC3B77115B7D105A94DA8A866A5354A3FF7BDA1D28CA52957AF4C3558D57C91B6DCA4BE3AA5C8E0B12EF03CE4A88A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ......... .......................................................n....`...@......@............... ......................................< ...........(..........H...p...............................................................H............text............................... ..`.data...............................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Web.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):15520
                                                                                                                              Entropy (8bit):6.729719576248359
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:pGGMIxAs3/jIWkzBo9WomuWXebPpUNTQHnhWgN7akWQI8HNsAX01k9z3Aq8KjXxb:fL3EWkzBo9W1Tb2HRN7FtHNsAR9zaKlb
                                                                                                                              MD5:3230D12A7235258ECB765CA44FA3380B
                                                                                                                              SHA1:C8F327565DEAA89C77FC0F6B17FC19E6B36C8461
                                                                                                                              SHA-256:BB362E815C1C9A7980E885536E3B3FFFCE1E07CE49AA92E1CDC8E4F03C6CCE8A
                                                                                                                              SHA-512:7E9AEBC7B090E7BBDAEFBCD28EF9E6806438F15E5C5F968E086D0F648D1FAF54A4406521BA196F0DA5710F27FAB674DE68B486C307C7E515A39166F5EE44FAC1
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..............(... ...@....... ...............................5....`..................................(..O....@..4................(...`.......'..T............................................ ............... ..H............text........ ...................... ..`.rsrc...4....@......................@..@.reloc.......`......................@..B.................(......H.......P ......................D'......................................BSJB............v4.0.30319......l.......#~.. ...D...#Strings....d.......#US.h.......#GUID...x...|...#Blob......................3............................................................>...........i.....$...........T.....j.....9....................... .....R...................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Windows.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16136
                                                                                                                              Entropy (8bit):6.709364635573594
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:HUnaHt4xAmbnWNz7SWo5+cuWXebPpUNTQHnhWgN7agW+/QA8RwX01k9z3APOk+fF:OaHtWnnWNz7SWodTb2HRN7tt9R9zgj0
                                                                                                                              MD5:401B4B1966E8B0052B0CBDC6B87B61B6
                                                                                                                              SHA1:C7E28B42B21CB54F260F1AA56DD79ED242AF412F
                                                                                                                              SHA-256:EB761D75DA6D2E004EFFC24BFF0932633C47CD6AB560974E8053041600E7AE3D
                                                                                                                              SHA-512:47BFBB515D4F72DD03CCD77DEA598ED2B1A56AF7C72FD5BC66F0813C66C10F4FD9CDD7EBD29F54093DA4895A1B66F403D446A648E09E6379DDEC2365B8EE5D8E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....16..........." ..0..............*... ...@....... ..............................P.....`.................................M*..O....@..T................)...`......p)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................*......H.......P .......................(......................................BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...(...x...#Blob......................3......................................X.........U.............................y.....7.......k.................................u............. ...........................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.Linq.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16144
                                                                                                                              Entropy (8bit):6.697867757232877
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:hjc16flR06WEzJ4WofuWXebPpUNTQHnhWgN7akWlVkJMyttuX01k9z3Au5WDvJ:Q+RjWEzJ4WkTb2HRN70mSR9z9ITJ
                                                                                                                              MD5:7A8721F0451412F6313452FD3C6A8AE2
                                                                                                                              SHA1:D6BEE6579E548D3DD8254519A8C66293C6138ADF
                                                                                                                              SHA-256:DA9EE20011186BCEE812AD415A7C3254E043A0975A1765E24DA19F83F387AACB
                                                                                                                              SHA-512:FE42657D99FBB8C204605A34D1F01A8A32A20F957EB4536BD0EC1435F8AE31ED14E87D3A3209ED852E83890F1D6ACA3FAED6576F7FF080DA972F371F7587B70F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w..........." ..0.............>+... ...@....... ....................................`..................................*..O....@..T................)...`.......*..T............................................ ............... ..H............text...D.... ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................+......H.......P ..<....................)......................................BSJB............v4.0.30319......l...$...#~..........#Strings....@.......#US.D.......#GUID...T.......#Blob......................3................................................L.............................p.@.....@.....,.....@.....@.....@.....@.....@...l.@.....@.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.ReaderWriter.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22192
                                                                                                                              Entropy (8bit):6.361607338823211
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:x1G5qkxK67ex4FCO0bWEzhAWl5kHRN7l6R9zu7VF:X6LB0Hh2l29zgVF
                                                                                                                              MD5:68BD0452D19412EB0764F01B42378D68
                                                                                                                              SHA1:C5EB08E14D0CB8996C7AEEBAD4649401C29F1E78
                                                                                                                              SHA-256:43A4C4D6C2711EC04C99793D7910E6474709B9F379ADAF83FDE66FAC5598805C
                                                                                                                              SHA-512:B6E5321DEA012BC487CC8B33EF7247BBD97D79BED28976100BBAC0FD9F1308D5CEBCC94EB132B7EB533D87B5A8AF83876BD65BEB7A7C87F8E0D8DBBD3ADD9A0F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..$...........B... ........@.. ....................................`.................................wB..T....`...................(...........A..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H........ ... ..................P ......................................4..w..J.:]..x.P......H.$,..qu..6/.|egs.m..../.p.M.W...rLv.NLn.ZB.....j.q,.6....jp...9......t....&....}......z..J._....w...}pBSJB............v4.0.30319......`...|...#~......8...#Strings............#GUID...$.......#Blob......................3............................................................G..... .......b...-.....f.......i.......................................[...............................

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.Serialization.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16656
                                                                                                                              Entropy (8bit):6.634255532524909
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:P0JLW71zSEqHWMTb2HRN7Zo5R9zrNAcGxky:P0JkpSEqz/i+9zrOcq
                                                                                                                              MD5:E6434AFB32896705275A14560ACC3C2E
                                                                                                                              SHA1:DEF6B6EB392E642C243C9B8B66174A99E2057638
                                                                                                                              SHA-256:31B50E467D07DD06C6956115146F3985B50F1EB3C6B54A034CD14593FC4CF1AF
                                                                                                                              SHA-512:90EC04C7009EFC9D901A10E4B53E3906E7E3F409313F3589DC9A8036FA171ECF7FDAC3874269D4341A26CB9869D584A741FACACA62E78143CE18C6884B379370
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............N,... ...@....... ...............................[....`..................................+..O....@...................)...`.......+..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................-,......H.......P ..8....................*......................................BSJB............v4.0.30319......l...4...#~..........#Strings....4.......#US.8.......#GUID...H.......#Blob......................3......................................".....................X.................*._....._...B.?....._...'._...Y._....._...3._....._...l._.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.XDocument.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.760679843173875
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:1vHxdJWqz6dWoUcuWXebPpUNTQHnhWgN7a8Wc7ObTseUfX01k9z3A/mE4Vg78:1pTWqz6dWjcTb2HRN7h7O/6fR9z+mEQ
                                                                                                                              MD5:C5B7F34B1CEB580B009A4BD894E5DD1E
                                                                                                                              SHA1:940D5F956FDA8DC62E97E5CAAC9521122B9F23D9
                                                                                                                              SHA-256:0D483563D77FEA5A23EE3B14320F1F57C23459E2D43224508771D0C90C6C83A8
                                                                                                                              SHA-512:EE200DE7A27333BF03746E3A3A8DACC651CCA0EFD280E56C063EDB9A56EAA9C0CC0D397EE23B70EA66F7CBD40BBF8793D6EA39FBCBFD5E4B4D0C0CBEE27DAF09
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."!..0..............+... ........@.. ....................................`.................................m+..N....@...................(...`.......*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ......................P ......................................I...k....K.....l.X5...Pt..y...Q..}.........#._..+=.wL..6.R........V..Y..&q.Tm.*q.....F.Rn..C.'|qJ-.}6...2U...ko.D1....@BSJB............v4.0.30319......`.......#~..d.......#Strings............#GUID...$.......#Blob......................3................................................L.............................p.L.....L.....8.....L.....L.....L.....L.....L...l.L.....L.............................

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.XPath.XDocument.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30880
                                                                                                                              Entropy (8bit):4.2708264274262095
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:jW9zveWANpnJaK7PTb2HRN7cDX+iR9z34KLD:kvsJa4/icDuO9zI8D
                                                                                                                              MD5:E79F94076FEB74896F3CDE56ACC278EC
                                                                                                                              SHA1:384F8F02067064E955EB19BF21D539A1F0F8656B
                                                                                                                              SHA-256:792D395D68B7DF5BE99E7402D771B7FB8C7538A40CDDB5B4449B611BDE968401
                                                                                                                              SHA-512:6AA4BDC22DC10DB9F6E8D47ADFFEF312637DF86D79A82215B50CA72720FC83E5DBE3D0296E93BD848C586C9A17F907030EBE266D8F1EBB5EEC57F50FBE75CD60
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................" ..... ... ...............................................P.......`....`...@......@............... ...............................................P...(...@......h...p...............................................................H............text...3........ .................. ..`.data.../....0.......0..............@....reloc.......@.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.XPath.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16048
                                                                                                                              Entropy (8bit):6.72145834744234
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:roCA6iAGpWQz0vWw5kHRN7sUtHNsAR9zak:rusGZ0qtts89zR
                                                                                                                              MD5:C6C828BDD80EB8614D492C8615A42526
                                                                                                                              SHA1:3BBBD2D8D5185DB225A80018067557CF000A46CE
                                                                                                                              SHA-256:958570BAAC6AEECCE60BABA24D33D966B91289BC91EB9E99FF534D1FD4AA8709
                                                                                                                              SHA-512:172C914A6CDD553F91A2B9C42C50A191A5C082D467D04E6B3818EACCFEF117063B45CD9EB3339B185E13BE31D1DAE010FBBA77D95E457519A0F23E599F71424D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....6............"!..0..............*... ........@.. ..............................#.....`..................................*..N....@..d................(...`.......)..T............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B.................*......H........ ......................P ......................................Ong.....6.......Qa1.=3..`.<s~'_.Ta.4..L.g....e.S.......z#[.?+2....N.7ajNX...v1.x..7.Sxx.<.A.Y.F9.#.......p..:...|+.:t.f..BSJB............v4.0.30319......`.......#~......\...#Strings....P.......#GUID...`.......#Blob......................3......................................'.........C.............................g.{...%.{.....d.....{...|.{.....{.....{.....{...c.{.....{.............................

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.XmlDocument.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16032
                                                                                                                              Entropy (8bit):6.74126043443042
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:8TaoqiWrzlsWRTb2HRN7ZK1tHNsAR9zat:Kao4l7/imts89za
                                                                                                                              MD5:9C6138A36F32B8BF73C94CE5E10F8DF6
                                                                                                                              SHA1:DF5DFE7F233844B8AE42DF072B0E1A3DC0D77A8F
                                                                                                                              SHA-256:5E3351BD0129E9B28FDFCF2B3281AABD2C7A562A32AA680D978AA4ED377F0CC8
                                                                                                                              SHA-512:90504B8AA377F4B39772789AC9C09BD901048F80500C407D2C7D1C1C1FA95E2156965A7A2EFEC7899AC2276AE9429DAE14AA07F85800C7342AC332E11D7EFBB8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...`............." ..0..............+... ...@....... ....................................`.................................A+..O....@...................(...`......T*..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................u+......H.......P .......................)......................................BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID...........#Blob......................3................................................P.................<...........g.~...2.~.....1.....~.....~.....~.....~.....~...p.~.....~.................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........................#.....+.:...+.P...3.f...;.

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.XmlSerializer.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18080
                                                                                                                              Entropy (8bit):6.603341634110637
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:b3afk86WYzkvWrTb2HRN7U1DX+iR9z34KtYU:b3afktk8/iU1DuO9zIgj
                                                                                                                              MD5:CD8E3732C9F293B10586C43F6EA7E592
                                                                                                                              SHA1:56DB15C88B2CEAF7949AA4988370AF7D7B5D4EBE
                                                                                                                              SHA-256:139C66145A1F4EF62310C9863443EDF86CB20ACFA322F2504CC50D3613C97433
                                                                                                                              SHA-512:2BA5F347CB8DE023F2E5989442C04F4E4971FF4FF74E7B123512F07CC06E7877DCEDD8B818CB0C99A3AD47797E7AE601CE7F834CB2D8D4018875F95E3D4FDFD7
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...f.u..........."!..0.............N3... ........@.. ....................................`..................................2..V....@...................(...`.......2..T............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................03......H........ ..0...................P .......................................AG;&..6..L....[......"..A....c......M.!7..*.....B.6..Z.(Cl.lS.>@"0 .4....Z..e...v/_..R..[...i...{.....6C....kgKm..=.rBSJB............v4.0.30319......`.......#~.. ...p...#Strings............#GUID...........#Blob......................3................................J.................................+.....F.....H.....N...............................................................................

                                                                                                                              C:\Program Files\WasabiWallet\System.Xml.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):23816
                                                                                                                              Entropy (8bit):6.278032431652594
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Y58Ieq5ufyw8bcB8yGgJ2W3zBjsWBOTb2HRN7IMR9zTOCA:Y58IeWv+VzO/iP9zKCA
                                                                                                                              MD5:6E67B64636D0244D0DEFBD27562BCA2B
                                                                                                                              SHA1:56A01FAC2492A4CD12D5203A1118629084C8DBE3
                                                                                                                              SHA-256:92AD546CE2D2E1C7DC3E864CAB2DD2C7A3ECD5F758DB1759530205A81FAFB9DA
                                                                                                                              SHA-512:42A34C558DD53B3B9BA1CA5A61F32AAABF6ACFC0B4D0D8A3F80FDE74446360C7FAE357FE28031C9AA85D73BF5FC5C8D5106DC734BFA219AC6CF42EAF7E30545D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...BS............" ..0..*...........I... ...`....... ..............................&.....`..................................H..O....`..4............4...)...........H..T............................................ ............... ..H............text...4)... ...*.................. ..`.rsrc...4....`.......,..............@..@.reloc...............2..............@..B.................I......H.......P ..4'...................G......................................BSJB............v4.0.30319......l...x...#~......X...#Strings....<%......#US.@%......#GUID...P%......#Blob......................3..................................................................S.....:.y...<.....O...................................................................................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.........:.....C.....b...#.k...+.....+.....3.....;.

                                                                                                                              C:\Program Files\WasabiWallet\System.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):50336
                                                                                                                              Entropy (8bit):5.747153362642407
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:3RlKhT46UA2Zi5wRNH5JVb0U502zq1Tntu3oY/is9zhElq:Bu6Zi5i5jzCk3owikzhgq
                                                                                                                              MD5:C39BCBDF5987FF27020DBC64F8567460
                                                                                                                              SHA1:D665456C468C8547A975282EC0B2BC1E20A1F43F
                                                                                                                              SHA-256:CA88AC4F8B1971FCB98A782984D793D6F8E0A16309D47F315F4B9977FD4A74E6
                                                                                                                              SHA-512:0C5FAF6FF441A50848D110B24B4F6D3EFDFC963411A4F144E7770730E886B1C26665D5B6E881D49B6557F25FBC8350F2343FC2623FBCB35619C83B8AFA4A6545
                                                                                                                              Malicious:true
                                                                                                                              Yara Hits:
                                                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\WasabiWallet\System.dll, Author: Joe Security
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...S?H..........." ..0................. ........... ....................................`.....................................O........................(..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......P .....................4.......................................BSJB............v4.0.30319......l....:..#~..d;..dR..#Strings...........#US........#GUID..........#Blob......................3............................-......................=..\..=.....=...=............; ..2.; ..T.M.....m=....m=....; ..9.; ....; ....; ....; .. .; ..P.; ................};....};....};..).};..1.};..9.};..A.};..Q.}; .Y.};..a.};..i.};..q.};..y.};....};....};......[.....d.........#.....+.

                                                                                                                              C:\Program Files\WasabiWallet\Tmds.DBus.Protocol.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):155136
                                                                                                                              Entropy (8bit):6.071118829230021
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:y4y4m0RnIJFMGi/wjEP2ux5gEHSE4evvaEO6Ir0PDvHsYgbvAoCQzkadjciAWj0U:EuRnIJFMGi/wjEPdx5g4SE4avatnAoCr
                                                                                                                              MD5:492783813953BF82E43C2083BF262A7C
                                                                                                                              SHA1:3813353CFAED2027381B775EC050E9F389391C0C
                                                                                                                              SHA-256:6A38C93A728FA33DD1EE35EA5E12EBEF9E9365C2A550D2A1C3D54E46DF8594BA
                                                                                                                              SHA-512:9E07B2F89DA8F86C4D87CC383869E577724CAC81030373427ED0A7E5792890D965480BCF11AD9BF5345752ED3D73F5D264231100C120B95B643563C4DBAFC863
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@.u..........." ..0..T...........r... ........... ....................................`.................................gr..O.......0...........................xq..T............................................ ............... ..H............text...@S... ...T.................. ..`.rsrc...0............V..............@..@.reloc...............\..............@..B.................r......H............t..........Pp.......p........................................((...*^.((..........%...}....*:.((.....}....*:.((.....}....*2.()...(*...*..s+...},.....}-....(......%-.&r...ps/...z}0...*..s+...},.....}-....(......%-.&r...ps/...z}1...*..{2...*"..}2...*..{-...*"..}-...*..(3...*....0...........(4......(5...*..0..2...........(6.....r+..p(7......(4......(5...(...+..(9...*...0...........{:.....,..{;.....-.~<...*..o=.....o>...s?...*...0............(@...t9.....-.*.~A...3..(B

                                                                                                                              C:\Program Files\WasabiWallet\Tor\Geoip\geoip

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4260708
                                                                                                                              Entropy (8bit):4.012568664101067
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:Vrop8oUWiruzDkOXtheZY0tc8uRf3yqAqnK3YWhzbz4+rUXTdH/:Y
                                                                                                                              MD5:19360AAE1B0040A708B6A3A1EEA0624D
                                                                                                                              SHA1:44073997E1ED63E183B79DE2A1757E9997A834E3
                                                                                                                              SHA-256:F24D1CFAA7B4638A04401EE8635AF7686DDDFEE913C8B1FA04883D7B5BAECEEF
                                                                                                                              SHA-512:6E6B4132615D1A78C10AE36AF9357FFC644B6FEF52B98D3EB34B2FA68C70C4790A77767BC8F35284A19DE9F3ED6FC688C5D6C2594FB6EB733295DDE165227BA6
                                                                                                                              Malicious:false
                                                                                                                              Preview:# This file has been converted from the IPFire Location database.# using Tor's geoip-db-tool, which is available in the.# scripts/maint/geoip/geoip-db-tool directory in the Tor source.# code repository at https://gitlab.torproject.org/tpo/core/tor/ ..#.# For more information on the data, see https://location.ipfire.org/..#.# Below is the header from the original export:.#.#.# Location Database Export.#.# Generated: Fri, 08 Dec 2023 04:51:53 GMT.# Vendor: IPFire Project.# License: CC BY-SA 4.0.#.# This database has been obtained from https://location.ipfire.org/.#.# Find the full license terms at https://creativecommons.org/licenses/by-sa/4.0/.#.16777216,16777471,AU.16777472,16778239,CN.16778240,16779263,AU.16779264,16781311,CN.16781312,16785407,JP.16785408,16793599,CN.16793600,16809983,JP.16809984,16842751,TH.16842752,16843007,CN.16843008,16843263,AU.16843264,16859135,CN.16859136,16875519,JP.16875520,16908287,TH.16908288,16909055,CN.16909056,16909311,AU.16909312,16941055,CN.169410

                                                                                                                              C:\Program Files\WasabiWallet\Tor\Geoip\geoip6

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6697692
                                                                                                                              Entropy (8bit):3.129972017173658
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:9xtRvKS3jCAhp22ycSbl5ulKcWLPE6TXMZiMN6T7xuxgTEK6uxVg/lr1perrznTd:q
                                                                                                                              MD5:6307242FC579C90FCA26AE70AF6FD7BB
                                                                                                                              SHA1:C0BF46880C6C132D746683279CC90DD4B2D31786
                                                                                                                              SHA-256:F000ACD2F3B02D70640CAD581D72FE77759590232746A9A810F185D527747B31
                                                                                                                              SHA-512:09DA151E84E8ECBA71BD6B160F924C66D3BBA63E83D763348D88E33D778E9E6414A93F2450C44514E52565E730CD1C9F4C0D6BBEEF48A347123A5C0950FB0DB9
                                                                                                                              Malicious:false
                                                                                                                              Preview:# This file has been converted from the IPFire Location database.# using Tor's geoip-db-tool, which is available in the.# scripts/maint/geoip/geoip-db-tool directory in the Tor source.# code repository at https://gitlab.torproject.org/tpo/core/tor/ ..#.# For more information on the data, see https://location.ipfire.org/..#.# Below is the header from the original export:.#.#.# Location Database Export.#.# Generated: Fri, 08 Dec 2023 04:51:53 GMT.# Vendor: IPFire Project.# License: CC BY-SA 4.0.#.# This database has been obtained from https://location.ipfire.org/.#.# Find the full license terms at https://creativecommons.org/licenses/by-sa/4.0/.#.2000::,2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff,??.2001:200::,2001:200:134:ffff:ffff:ffff:ffff:ffff,JP.2001:200:135::,2001:200:135:ffff:ffff:ffff:ffff:ffff,US.2001:200:136::,2001:200:179:ffff:ffff:ffff:ffff:ffff,JP.2001:200:17a::,2001:200:17b:ffff:ffff:ffff:ffff:ffff,US.2001:200:17c::,2001:200:ffff:ffff:ffff:ffff:ffff:ffff,JP.2001:201::,2001:

                                                                                                                              C:\Program Files\WasabiWallet\WabiSabi.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):80384
                                                                                                                              Entropy (8bit):5.918040586170794
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:t5gQh2t793RPeS5777Qwe0v+o1mjcFiXOi+QGRNbQV+bbzvg:TgQ4RPeSVe02o1mRaIes
                                                                                                                              MD5:7D9458FB35AB32711288584434FCC8B2
                                                                                                                              SHA1:39D16264012FBAF1DB2A67EEDAB933D29B998DB3
                                                                                                                              SHA-256:DA9662F80B9CD2227A5F9D8FA4833E3EB35483FD177CA6B2FA1988F85BED0151
                                                                                                                              SHA-512:BAC55234341CAB223606595BE6567E93D7D086BB43EE4C38732152A5233DA57C22FFAEF85F7C993224A0EF779BA12C004E1C1B875A9FE1D41024DFBBB5005794
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..0...........M... ...`....... ....................................`.................................QM..O....`..\...........................|L..T............................................ ............... ..H............text...x.... ...0.................. ..`.rsrc...\....`.......2..............@..@.reloc...............8..............@..B.................M......H.......4...H.............................................................($...*^.($......J...%...}....*:.($.....}....*:.($.....}....*......(%...*V.(&.....}......}....*..{....*..{....*.0..O..........(....o'....+..o(......o)...a...b...c`..o....-....,..o......(....o)....(...+*.........%3........-..*.(.....o....(....,..(.....o....(...+*.*....0..@.......s,.....r...po-...&.r!..po-...&..o....,... o....&..}o....&.o/...*.(0....r)..po-...&..(....o1...&.r5..po-...&..(....o1...&.*...(..

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Daemon.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):114688
                                                                                                                              Entropy (8bit):5.949519931923998
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:H4n7tx5hYh1bbuc4+kVC5csbtcagwqdeB95:HkNBEcsuLreB9
                                                                                                                              MD5:8A2D48D9C8705A7A4CCBFABDEE0D7F8A
                                                                                                                              SHA1:1BA9BB7CCC9B4A932248211A914BD2F58B201A51
                                                                                                                              SHA-256:7D15E3CF1073DED7E7157D81B9FDF77C138547F9ED376BF838136E41A5BDBE83
                                                                                                                              SHA-512:AE219B0498EC2DCFAA53B5560A5B65E0018BC7CBC96E85BCD162B8B179B08B1FAA1ED85738DA00D830DCB8F6EA1CA393BA9B54C4E6275A5A5245878F06BAC1DE
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0.................. .....@..... ....................................`...@......@............... ..................................................................T............................................................ ..H............text...^.... ...................... ..`.rsrc...............................@..@........................................H............)...........................................................0..V.......r...p.r...p(&........+4.......o'...,".....o(...........o(.....Yo)...Q.*..X....i2...Q.*...0..E.......s......r...p.r...p(&...}R...........s*...(...+.......s,...(...+(...+*....0.."........(/.....}......}.....s0...%r...pr...p.r...p.(....os...o1....(,...s2...o3...%r...pr...pr...p.(....ou....(/...s2...o3...%r<..pr`..pr<..p.(....ow....(/...s2...o3...%r...pr...pr...p.(....oy....(/...s2...o3...%r...pr...pr...p

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Daemon.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):143360
                                                                                                                              Entropy (8bit):6.068712186994486
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:riS4omp03WQthI/9S3BZi08iRQ1G78IVn28bSQcJi8ltO:riS4ompB9S3BZi0a1G78IVjcAct
                                                                                                                              MD5:7170C6A53FB29A23A177C3F422E44A68
                                                                                                                              SHA1:AFDFB7DFE714E7609B7FC41BFAE65142225045CE
                                                                                                                              SHA-256:8680D0236C4B1A95ECA30CE01857958A9217EE0D4F8E79371CB4EE86CA4141C9
                                                                                                                              SHA-512:78E3ACB3C07BCEC428B009F6D5B1E8C98CEEB6BCCE673F7D93D56455FA248C8FE1BD10FA819FF6995A863A3BED1A7165BCB4C2368FC5422D6DAC5E1F490DECA6
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................HY.....HY.....HY......i..............C...Z.....Z.....Rich....................PE..d......e.........."....'.j..........`..........@..........................................`.................................................$................@...............p......0...T.......................(.......@............................................text...\i.......j.................. ..`.rdata..............n..............@..@.data...P.... ......................@....pdata.......@......................@..@_RDATA.......`......."..............@..@.reloc.......p.......$..............@..B.rsrc................(..............@..@........................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Daemon.pdb

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):31948
                                                                                                                              Entropy (8bit):5.735027645480791
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:FewnKSIB8HzleJlFraezfYlG5t+eiQqdSY6:hj48VlQviQ4+
                                                                                                                              MD5:4B52578436B8267A51767793163FAA80
                                                                                                                              SHA1:34E191F447E46D44A3CBD641B209571829ABBE0C
                                                                                                                              SHA-256:49A7C222AC03EE73B524523C270D89DF36E8CD226C932C0DE82CD6903DE84861
                                                                                                                              SHA-512:7DF5DFA70C195F1C3CB1CC9706E45A93786F7E93638A4FF58BE5C2062588B7161925BFB4653090891C7E92473D14C7C647A1331DA877628311DC8EFD450BEB85
                                                                                                                              Malicious:false
                                                                                                                              Preview:BSJB............PDB v1.0........|...x...#Pdb........|$..#~..p%......#Strings....x)......#US.|)......#GUID....*...R..#Blob...u...m9.N..*8..6.n......W...........$...4...........u...,...j.......s...Q...................q...........).......s...........................................w...........!...(...,...W...[...........................2...9...n...s...........0...=.....J/.../.../...0...0...0...1...1...1...1..&1...1..61..>1..F1..N1..V1..^1..f1..n1..v1..~1...1...1...1...1...1...1...1...1...1...1...1...1...1...1...1...1..$2..J2...2...2...2...2...2...2...3...3..,3..>3..x3...3...3...3...3..19..99..A9..I9..Q9..Y9..a9..i9..q9..y9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...:...:...:...:..!:..):..1:..9:..A:..I:..Q:..Y:..a:......................i:...:...:...:.......:...:...:...;...;...;...;..';..0;......8;..?;..F;..M;..T;..[;..b;..i;..p;..w;..~;...;...;...;...;...;...;...;...;...;...;...;...;...;...;...;...;...;...;...<...<...<...<...<..&<..-<..4<..;<..B<..I<..P<..X<..`<..h<

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Daemon.runtimeconfig.json

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):478
                                                                                                                              Entropy (8bit):4.716371873152707
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:dFG0b2voBEe01/SQ4sJPQ45kAIJI5x+K8E7nS2r2:dwoBEx1nHuI50K8
                                                                                                                              MD5:85EEA3EAB6BDF8300ED87C37B3ADB148
                                                                                                                              SHA1:40FC3E36E047EB2317E9D8380238796DD8C4E598
                                                                                                                              SHA-256:7A31F8FB44D1EA434BE38D6D3061E149502CF03E82EE498633C88CE9433EB3A2
                                                                                                                              SHA-512:56318AB7CC6ED26F6F9F7822A76ABAA97F9F6B1EFB25C37DADA531CA4855E2CD66222B1B337B156B13F3E2B9752096163834E9B5D855220D20CB0AD51C230D83
                                                                                                                              Malicious:false
                                                                                                                              Preview:{.. "runtimeOptions": {.. "tfm": "net8.0",.. "includedFrameworks": [.. {.. "name": "Microsoft.NETCore.App",.. "version": "8.0.3".. }.. ],.. "configProperties": {.. "System.Globalization.Invariant": true,.. "System.Globalization.PredefinedCulturesOnly": true,.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false,.. "System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": false.. }.. }..}

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.deps.json

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):84659
                                                                                                                              Entropy (8bit):4.906922075948081
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:QIaD9aPV+KTqweIRsM0UH8f8yvs8C3i/popyar7SN601nwl7cCxN1uTnWFMgj+NK:QIgBopr7SN601nwl9xraWqH5O/1
                                                                                                                              MD5:DFCAFC9E7532CC51FD4B2C54ACD8016B
                                                                                                                              SHA1:7F502E0EECA9D4D22EA56B550206153B5CDEA1ED
                                                                                                                              SHA-256:C11857340E3BEF7B8BEF498F6F8C1A6EBFCE2296174F4450235D81648C7A1F76
                                                                                                                              SHA-512:96716711164610D265E617477FED0786597BDA499ACC7B718FAAF4FC633D1F26E8D94CEB78BBE9CD6FF9125C94C77F860D9E0AF97BB67D3B4070E1F8FEBC6BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v8.0/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v8.0": {},.. ".NETCoreApp,Version=v8.0/win-x64": {.. "WalletWasabi.Fluent.Desktop/2.0.7": {.. "dependencies": {.. "Avalonia.Desktop": "11.0.999-cibuild0044755-beta",.. "Avalonia.ReactiveUI": "11.0.999-cibuild0044755-beta",.. "Microsoft.CodeAnalysis.BannedApiAnalyzers": "3.3.4",.. "WalletWasabi": "1.0.0",.. "WalletWasabi.Fluent": "1.0.0",.. "WalletWasabi.Daemon": "1.0.0.0",.. "runtimepack.Microsoft.NETCore.App.Runtime.win-x64": "8.0.3".. },.. "runtime": {.. "WalletWasabi.Fluent.Desktop.dll": {}.. }.. },.. "runtimepack.Microsoft.NETCore.App.Runtime.win-x64/8.0.3": {.. "runtime": {.. "Microsoft.CSharp.dll": {.. "assemblyVersion": "8.0.0.0",.. "fileVersion": "8.0.324.1

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):295424
                                                                                                                              Entropy (8bit):5.748298085155343
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:yvMeeVCbHAmdTgebPPDh5+vMeVVCbOAW:yEAdTgUhoEY
                                                                                                                              MD5:3A8298010328AF57558A6F133E966F44
                                                                                                                              SHA1:1698C5EC6F9D12F39360B0A627552B00A76EA243
                                                                                                                              SHA-256:F0B84371EE0D79E4450B7C94D8986A76A8330A89DDB05B09BF2676B711F7C9FA
                                                                                                                              SHA-512:9B1FB681853B65C542FFD85D14D83B53ECA99B9A7870622472388D7520E7CDA00BE047147AF1C6B1378F2EEF9DBCE2367D09C0599634B05384FDB823A31F674B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...q............."...0.................. .....@..... ....................................`...@......@............... .................................................................T............................................................ ..H............text....... ...................... ..`.rsrc...............................@..@........................................H........-...1...........^.. U...........................................0..7.........(....}.......}.......}......|......(...+..|....(....*..0..3.......(....~....%-.&~..........s....%..............o....*..0..X........r...p.(.......+......o ...(!...&..X....i2..r...p.("......+....%..o ....(#.....X....i2.*.0..5.......s$.......r...p(%...o&......,..o'......((.....(......*.......................&&.......0............()...r)..p(%....rC..p.(.....r...p(%...(*...,#.rK..p(%...ri..p.r...p(+...(,

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.pdb

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16708
                                                                                                                              Entropy (8bit):6.495425893599991
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:WeLoANTUfr9lrcXCH4a0sv+upEqrq6GUagKHThtbHgfopsync7cYwqFe:WDmglhraFzfYw
                                                                                                                              MD5:A3499F4705A0D6451C901682957497DE
                                                                                                                              SHA1:7C3524065284ACA9D2833933C99C151BF2AF3B2C
                                                                                                                              SHA-256:A2894EC6B1413ECD42FBF04803300697CBA1CCF9108363E6DACE5A6B7057015F
                                                                                                                              SHA-512:A1ED3DF4913AEF35ADB4016F81913A77C2792A44CB62D24A9ABE669ACADFB189CB2718934522BF030B532CB9E7BD49EC60297FF5D7D1B2744A64EC4279679A3D
                                                                                                                              Malicious:false
                                                                                                                              Preview:BSJB............PDB v1.0........|...d...#Pdb........p...#~..P...X...#Strings............#US.....`...#GUID.......8<..#Blob....lCab..M...d......1.....W...........v...........'...............G...............................................................'.......................?...D...u...y..............."...o...|..........8...8..%9..P9...9...9...9...9...............9...9...........:...:...:.......:...:..............>;..^;......f;.......;.......;.......;...;.......;................7...............3...............X...............5...............$...............................~.............................................../...............................7...............................D...............+...........................................................................:...)...............K...............................s...............+... ...........7...!...............#...............$...............$...........~...&...........A...................&.....6.....=.....G.............

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Fluent.Desktop.runtimeconfig.json

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:JSON data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):478
                                                                                                                              Entropy (8bit):4.716371873152707
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:dFG0b2voBEe01/SQ4sJPQ45kAIJI5x+K8E7nS2r2:dwoBEx1nHuI50K8
                                                                                                                              MD5:85EEA3EAB6BDF8300ED87C37B3ADB148
                                                                                                                              SHA1:40FC3E36E047EB2317E9D8380238796DD8C4E598
                                                                                                                              SHA-256:7A31F8FB44D1EA434BE38D6D3061E149502CF03E82EE498633C88CE9433EB3A2
                                                                                                                              SHA-512:56318AB7CC6ED26F6F9F7822A76ABAA97F9F6B1EFB25C37DADA531CA4855E2CD66222B1B337B156B13F3E2B9752096163834E9B5D855220D20CB0AD51C230D83
                                                                                                                              Malicious:false
                                                                                                                              Preview:{.. "runtimeOptions": {.. "tfm": "net8.0",.. "includedFrameworks": [.. {.. "name": "Microsoft.NETCore.App",.. "version": "8.0.3".. }.. ],.. "configProperties": {.. "System.Globalization.Invariant": true,.. "System.Globalization.PredefinedCulturesOnly": true,.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false,.. "System.Runtime.Serialization.EnableUnsafeBinaryFormatterSerialization": false.. }.. }..}

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Fluent.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4620288
                                                                                                                              Entropy (8bit):6.14851044608411
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:OQhmnkrEtEUrr7Sbnlqkin26tMIGF1+YHNu+NhDSBEqJBqka0orPl3qoUghxAIW2:OsaYne2OkTtusTAghxAIWTC
                                                                                                                              MD5:A978F1E22A334BDFFFE201763C90CE99
                                                                                                                              SHA1:EA7DA4B7102E4714BECB7A5CC604A5BAEF5F2A9E
                                                                                                                              SHA-256:ED66F96A998E2D38FAFD5FDEDA099F6F0A61057C7C3736ACB5F9B3DD78847C43
                                                                                                                              SHA-512:D143E7D1EE3B907B9595FDFEF64DC227BC3EB2DCE62C5E37169DCFAF19B4D7197E1EBB6D5A230980601794361A6503A39DBFCECF2430EBADACF99F27288E48E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Z............." ..0..zF.............. ....@...... ........................F...........`...@......@............... ................................F...............................F.T............................................................ ..P............text....yF.. ...zF................. ..`.rsrc.........F......|F.............@..@........................................H.......dQ"..F$..........O........................................................{....*..{....*..{....*r.(......}......}......}....*....0..Y........u........L.,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*.*....0..K....... ...D )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X*..0...........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*..{....*..

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.Fluent.pdb

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Microsoft Roslyn C# debugging symbols version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):650544
                                                                                                                              Entropy (8bit):5.788389069046256
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:fsfe57pxbsC4mKUFDHkblKAcNN3pjMHY53zDOb5JC6jV73hJtBAP60iLdN3X/9rl:yYLL3j+EN3yg32LAPPditFfKca6
                                                                                                                              MD5:475F3192634E366A4B7454CA9E7AC16D
                                                                                                                              SHA1:7D0E025D9D51ABCCF5321DE1ABF6650DA4567745
                                                                                                                              SHA-256:2329D52D48D994670F2F2250287F07C14F5B11F8C071C7045D3E41AA31D827FC
                                                                                                                              SHA-512:66E8419D25FF94CED4EA668AAB9893C4701F3613161593FD66C4827764263C33B363BB7AE755CCD8B07264B82F92BC3AF641391D2C77FF1FC5C29E4EEDC62976
                                                                                                                              Malicious:false
                                                                                                                              Preview:BSJB............PDB v1.0........p.......#~..,....)..#Strings....4.......#GUID...........#Blob...........#Pdb.......................3.........2..T ..........\............4....#4....\H....dH.....K.....K....]M....eM.....Q.....Q.....T.....T.....V.....V.....W.....W.....c.....d.....d.....d.....e.....f.....g.....g....wh.....h.....i.....i.....j.....j....Ik....ek.....l.... l....jl.....l.....l.....l....Mm....im.....m.....m.....m.....n.....o.....o....Jp....fp....Hs....Xs.....s.....s.....v.....v.....w.....w.....x....3x.....x.....x.....y.....y.....z....,z.....z.....z....({....D{.....|.....|.....|.....|....Q}....e}.....}.....}.....~.....~..........1.................R.....n.................k...........g.....{................[.....o................&.....:.................A.....U............................^.....z.....S.....g........................................................5...............(.....D.............................*.....B.......................+.......................-.....s...

                                                                                                                              C:\Program Files\WasabiWallet\WalletWasabi.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2183680
                                                                                                                              Entropy (8bit):5.9187212766366395
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:IqHwqZswHnCqWh2RSB2LteEe8TrdESQzCjT2JCs6VsS/xOAKS3C:IUO2WzC34CsdC8
                                                                                                                              MD5:F6A18288CB3A3CC396E0B5C5744B2694
                                                                                                                              SHA1:4CA3A2A66D9B416F56BCE34D8E9343910CF4BA49
                                                                                                                              SHA-256:32C5951F2CA1345E9051D27C0AF7D414D7AD712B808F308A7FA9E7E8BED4DF28
                                                                                                                              SHA-512:7316FB3CA1DAD8D3606CBF32220BFF4E84D9216A0FE43DB9447698B8DB647192CAD2E71F06DAD6317C9B7AF23BC4303854BFEEFE9D9526AF77E56D608EA2DB74
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................." ..0..L!.............. ........... ........................!...........`...@......@............... ................................!.D............................e!.............................................................. ..H............text...0J!.. ...L!................. ..`.rsrc...D.....!......N!.............@..@........................................H.......XI..,.............................................................{....*..{....*V.(......}......}....*...0..A........ud.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. g;.. )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%qg....g...-.&.+...g...o.....%..{.......%qh....h...-.&.+...h...o.....(....*..{....*..{....*V.(......}......}....*.0..A........ui.......4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. .... )UU.Z(.....{

                                                                                                                              C:\Program Files\WasabiWallet\WindowsBase.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):16672
                                                                                                                              Entropy (8bit):6.723849280223637
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:CyCmaITFWQlMXD1ldWkz1cWod43WT56Os1HnhWgN7akWff9y5p5yttuX01k9z3Ak:1asFWQ8Wkz1cW415kHRN7L6SR9z9
                                                                                                                              MD5:8E204952587FB11D2147E211535C209E
                                                                                                                              SHA1:60FCFCAD56284BAA274E094F7129F852F97D484C
                                                                                                                              SHA-256:468E97A2C5CAFDE1DDBFD2BC5A384D57D3DC5F497E48477F1EF227490A663D8E
                                                                                                                              SHA-512:2718C648262EBC74FC2F19B67A2CDF72FF0C19781300E492EB56F010AB63297003F08C98657EA193BB62DE843CC1D470877616273A5435DE383B85738751634F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............-... ...@....... ....................................`.................................O-..O....@..4............... )...`......x,..T............................................ ............... ..H............text........ ...................... ..`.rsrc...4....@......................@..@.reloc.......`......................@..B.................-......H.......P .......................+......................................BSJB............v4.0.30319......l...p...#~......8...#Strings............#US.........#GUID...(.......#Blob......................3................................................................................r.....r...Q.(...g.r...6.r.....r.../.r...L.r.....r.....r..... ...........u.....u.....u...).u...1.u...9.u...A.u...I.u...Q.u...Y.u...a.u...i.u...q.u...y.u.......................#.....+.C...+.Y...3.o...;.

                                                                                                                              C:\Program Files\WasabiWallet\av_libglesv2.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4369408
                                                                                                                              Entropy (8bit):6.340304493634699
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:I1qISHMa72SRXc0kFg760EvAy4U5hDempTKkslMx0YEQtHhcEIy/rcgcrq8T/2tj:vbMNgMdth1t
                                                                                                                              MD5:73D2FB4C35D323813A86E3BF5C85C345
                                                                                                                              SHA1:81F751A34E0C25BDEA93902A19A94A49CE1495DF
                                                                                                                              SHA-256:85B3AEE47C0E0EAF3A5EA5C75BA8131387A12639B6A0EF280C28531FB77695AE
                                                                                                                              SHA-512:E81677CC9B99FF3D54F67000A60489603E01A896F90C4EF0C883B82E2FDB7B90D2899C078958B3F060A20373B99CB6C4DEB7F64CC4C7E0BA2A708209F4684CA4
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................................M...................#.........t...............F...W..~..W......W.......W.......W.......Rich............PE..d...}.e_.........." ......,..<.......%(.......................................C...........`...........................................9.......;.P....0B.p....0@..............@B..... .8.8...................X.8.(.....8.0.............,.p.....9.@....................text.....,.......,................. ..`.rdata...?....,..@....,.............@..@.data....6....;.......;.............@....pdata.......0@.......?.............@..@_RDATA....... B.......A.............@..@.rsrc...p....0B.......A.............@..@.reloc.......@B.......A.............@..B........................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\clretwrc.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):310944
                                                                                                                              Entropy (8bit):4.237489448193896
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:gx9XK6chFa5y9sh33X+QIa7rGgtfqYZdCh:Oq0FfqYZdU
                                                                                                                              MD5:66EC09C4B67B94F7AC10CDC979FB4B2E
                                                                                                                              SHA1:2F7EFCF36DD9F92F922B7BA48E66B1EECB5A1F79
                                                                                                                              SHA-256:615BBAFC286FA42888594B644C80FC642AD87198772DFDEAC6BD73FDE360F02E
                                                                                                                              SHA-512:3A2A382731CE6C8DC481D7C136F10E084D7B439F4C91C6CE609993C635EA2B9BE8F5B9492170B448AB2F087E015B626C5504C2126B97815953E6E42BA040F44C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]=..<S..<S..<S....<S..Q..<S.Rich.<S.PE..d....O.e.........." ...'.............................................................K....`.......................................................... ...................(..............T............................................................................rdata..X...........................@..@.rsrc........ ......................@..@.....O.e........l...l...l........O.e.........................O.e........l...................................RSDSx.....*H.$....'.....D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\clretwrc\clretwrc.pdb.............................T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... .......rsrc$01.....!......rsrc$02....................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\clrgc.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):671904
                                                                                                                              Entropy (8bit):6.603745761938388
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:Wvt81alt/rS8S47ZE+h9ATLbp7ZqAuARJsGdM:c81alZlS06C9GLbdyF
                                                                                                                              MD5:0A0C5ED9B5608A804CD24B6C328F636F
                                                                                                                              SHA1:DAA582E484946589465402F43555CC8C2CB07CDF
                                                                                                                              SHA-256:818B19E28D7A73DB63983C0BCD4086F76F6A651C7044EFECBBACF21E94576C85
                                                                                                                              SHA-512:F2F8EA6871D9056BC9814FD76DE42DCE4CEBAC20375B3DC0F88F5273F97D46B3C7E09466A5360D06D9ADFCA97BC04E0F46A5708345AD4D0D525F530F801FDB44
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@:l.!T?.!T?.!T?.Y.?.!T?.YU>.!T?.!U?.!T?.!T?.!T?H.Q>.!T?H.P>.!T?H.W>.!T?..]>.!T?..T>.!T?...?.!T?..V>.!T?Rich.!T?................PE..d....N.e.........." ...'............ ................................................"....`A........................................@...d........................G.......(...........;..p............................:..@............................................text...`........................... ..`.rdata..............................@..@.data...............................@....pdata...G.......H..................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\clrjit.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1787040
                                                                                                                              Entropy (8bit):6.548829609957473
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:VsNZHZGqcJZvpLLzoeW/Lwt1hAZk/VdkH9rLS6QJZC:w8RLoert1hlVuH9rG6/
                                                                                                                              MD5:D7B1AFB227460E1A2677012A13E88CB1
                                                                                                                              SHA1:5161B2D4CACD84DD803CBA6C3AF810A3389E581F
                                                                                                                              SHA-256:342C9C315D6A2E7DD65822684FCCF2758FE32FA595F7C077B4BA5E8DE133F45C
                                                                                                                              SHA-512:EB9B5F5A0017D6C1C0F0DD4BE4C94140A64DC2C217D7E4832413ED028C6F158766BA31172DE73B3F57A04F7206690457180420C9C4BAF4CA4B2BD0BE0DC84116
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......xt..<.r.<.r.<.r.5m..0.r.wms.;.r.<.s...r.<.r.=.r...w...r...v.,.r...q...r...|.D.r...r.=.r.....=.r...p.=.r.Rich<.r.................PE..d....N.e.........." ...'.B...........E..............................................U.....`A.........................................................`.......`...........(...p...... Q..p.......................(....O..@............`..p............................text....A.......B.................. ..`.rdata.. ....`.......F..............@..@.data....h.......@..................@....pdata.......`......................@..@_RDATA.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\coreclr.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5034656
                                                                                                                              Entropy (8bit):6.556970778257823
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:gWsx+2WxbIoZJy18hmZCDUshac/GgUTDX+m8UQWBtA0KlovB5s2vNv2F9pF1FkxU:y+2WxbIoZB2Ya3mKnN2crQhMH6rkHU
                                                                                                                              MD5:2A4455D7E5EC666EFAC5BADB27836C55
                                                                                                                              SHA1:F175D7E3D0322C7B4B1103A0AA118F17202252F0
                                                                                                                              SHA-256:DBF7704FADA2F23B333AD03C8553071F306828E875DC37E514C3BC3E2A03910E
                                                                                                                              SHA-512:6BF4EC283309F9F3A6CA9581B38458AABDEDD99C2CC18F41786CB62BC4F0D4CFAED3B2C85988B9260034684A2110D8DC613BD7850FF372C0C87B643498E34DD4
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ve...............|k.....Y|......Y|.........................>.................;.......;.......;.......;.........o.....;.......Rich....................PE..d....P.e.........." ...'..;..T...............................................`N......OM...`A..........................................G.|...l.G.,.....M.......I.......L..(....N.._...=.p.....................>.(...P.<.@.............;.......G.`....................text...r.;.......;................. ..`.CLR_UEF\.....;.......;............. ..`.rdata...`....;..b....;.............@..@.data........0H..:....H.............@....pdata........I......>H.............@..@.didat..8.....L.......K.............@...Section.......L.......K.............@..._RDATA...4....L..6....K.............@..@.rsrc.........M......BL.............@..@.reloc..._....N..`...JL.............@..B........................................................

                                                                                                                              C:\Program Files\WasabiWallet\createdump.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65856
                                                                                                                              Entropy (8bit):6.380232576788596
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:T0LeoUSVZxAxbIQ/Zs9OHEAQp/olVS8XooL3ETLrTj/i7FT9zp0:+eotVy48HEADlVxS3Tzi7Tzp0
                                                                                                                              MD5:1AE397526E3EF0869E7028DE0BE285AD
                                                                                                                              SHA1:EED21A52B59449F9B3D5EB05C2B3078AE6EA9FDD
                                                                                                                              SHA-256:0A50C559E8C0CDA317350DBB2B5701FC603351DF7D823AB5278DC346D4B355DD
                                                                                                                              SHA-512:ADD3FAB6EE36F54FD48A13EA958FFF17F384CF762471FDCDC00B8201A50C005C7E46166D0B5E55CB8ACC9F81DE4E264DE49DD2F84BC6C079A7FEAC43A64B4F3F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7$..VJ.VJ.VJ.VJ.VJ....VJ.Y.O.VJ.Y.N.VJ.Y.I.VJ...K.VJ.VK..VJ..C.VJ...VJ.V..VJ..H.VJ.Rich.VJ.........PE..d....O.e.........."....'.....\.................@............................. ............`.............................................................................@)......t......T...............................@............................................text............................... ..`.rdata..z=.......>..................@..@.data...X...........................@....pdata..............................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..t...........................@..B................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\e_sqlite3.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1691648
                                                                                                                              Entropy (8bit):6.533832660810207
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:KFpe/1CmBo+xp1cXQDd7H7GZjAkjDOnDuQ+7X:7JhcXQD1GZjAkjixi
                                                                                                                              MD5:D93FC939CF4C875FC065C37E771DA367
                                                                                                                              SHA1:5A035170E758C13913A41CC427DE556485C5EF5D
                                                                                                                              SHA-256:DCCBABB2BC7E7D4302C44D9CE41B70721A7D0914FA4D289E2F340D39766AD102
                                                                                                                              SHA-512:E442DC97C14522E675067A85589698B657B43AEFF91BBD75EFC2DB8FD7BBD0C5939DECE270EB0FC4C108113B1246CE7268F8F38FD63C754F364D19DEC40551E2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Z............................................................................F.......F.......F.=.....F.......Rich............................PE..d......d.........." ........................................................ ............`A.........................................M...$.. r..(.......................................T............................/..8............ ...............................text...`........................... ..`.rdata..._... ...`..................@..@.data....}.......h...p..............@....pdata..............................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\hostfxr.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):354464
                                                                                                                              Entropy (8bit):6.311326122414342
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:7vz3Bj/CsHJZax2RvyE+9sd7Is3Rx8dYSxl2or:NzH+x2l+9sdkUCEU
                                                                                                                              MD5:6AABFF5882F05E316B8DE37D65362523
                                                                                                                              SHA1:E22624B6B6B86027F37895C1CA5107E78EBD4793
                                                                                                                              SHA-256:8B4A377B76A8EDFB6326716D44E2B541FBB0905499F203F14E32484236914A6C
                                                                                                                              SHA-512:1BD9AA330C4547CC1F4F12E61EF4015546EBB2BBC30DD7705955CE23F387B3554E36D6519781266BDC5C5CF159317C3828AB2C2E5822C4B3EB7E2E89ACC95F10
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WL...-...-...-...-...-......-......-.....@-...U\..-..XU...-...-...-..:....-..:....-..:.0..-..:....-..Rich.-..........................PE..d....V.e.........." ...'............`:..............................................#1....`A........................................ ................p.......0...+...@...(..............p.......................(......@...............`............................text............................... ..`.rdata..TL.......N..................@..@.data...............................@....pdata...+...0...,..................@..@_RDATA.......`.......2..............@..@.rsrc........p.......4..............@..@.reloc...............:..............@..B................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\hostpolicy.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):399008
                                                                                                                              Entropy (8bit):6.341297739208635
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:3wQ+M4Zo55HH7P2qleoCIMzhnYK9C2N/4CfjlUr3MBxnTr3mF:gtG55HHKqleyMyK994CfjkcHk
                                                                                                                              MD5:5556E4C5A65E6979786278D77E23A6FB
                                                                                                                              SHA1:7000E0D31ABC7951E8FCF0D2137AB970038B200C
                                                                                                                              SHA-256:75406A4333408AD1AD97920E30D9744FF8BDDBC525AA18FA489B9EFE2124CEF5
                                                                                                                              SHA-512:03727E025A674270D8D3D13C16EA07D97CF88C155150085C1531CEF81F64EA8E2E072746217D09440DAAAE6D19D3E22F16EBDC88A6964AFA9EFE4A259506539D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........NW.. ... ... ... ... .zH$... .zH#... .zH%... ....... ..!... ...!.{. ..K)... ..K ... ..K.... ..K"... .Rich.. .........................PE..d....V.e.........." ...'.L...................................................@.......(....`A........................................... ............ ..x.......$3.......(...0......0...p....................!..(.......@............`...............................text....K.......L.................. ..`.rdata...N...`...P...P..............@..@.data...p...........................@....pdata..$3.......4..................@..@_RDATA..............................@..@.rsrc...x.... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-console-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):6.976564317366896
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:6WPhWFRDz6i00GftpBjJN2LemdklP5dP6n:D3oijmeT5C
                                                                                                                              MD5:5A75A7940BC8762E41DAFCCE9C07628B
                                                                                                                              SHA1:1CA449C744B11AB4459A4BD7E11F8D2740C62436
                                                                                                                              SHA-256:4AAF273C4CB1D93B8C8686843FFBC577D31E1C010E02AE8E72478C5B52DDA06D
                                                                                                                              SHA-512:2E8EA9E61BCE4F5520AABB4E34D113D59F253AE890AE337167D4EB4F73452BB1A12342CD8E22FF5D20D18D18D492E45B029B5FC934D7A3C76F4C00CDC414BA9A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...N............." .........................................................0......h.....`.........................................`...,............ ..................8=..............T............................................................................rdata..,...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):6.98854742501471
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:xWPhWF33di00GftpBj4Fbhemu8lP5dPPGI:2INoiEbheVc5YI
                                                                                                                              MD5:B7300D7A31BC0C3ABB631F1951CC103A
                                                                                                                              SHA1:1D510C44E16251BCFBC6050FC8E0D602B4DC40D0
                                                                                                                              SHA-256:A580C502170462431A197954EADA3A2B92CDDDA8E77D489475A8FA6DA0000349
                                                                                                                              SHA-512:05101C69906CA7AE1A00AD9A03EE94BEF08BB6D8B7879E5D9E03EDD49FF7B3345BDBAC361E6BF46962B662756118E5430C848956031C28ED3E379C88AD025430
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....pm..........." .........................................................0......{>....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-debug-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):6.995380081616985
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:DWPhWFVF3di00GftpBjfjemMqlD165/9l:QENoiJeFbr
                                                                                                                              MD5:B65D571875079332C81963FF98E62AB3
                                                                                                                              SHA1:DC68643C467610C27B7D522277DCAD8BE773239A
                                                                                                                              SHA-256:B83A794600A47BE935CC562ACE7A4D531083C76FCC8AC6424D008F1034EEDF96
                                                                                                                              SHA-512:D8414B4473A5D5EAE26B424B26C9BF9B7F3EAE0BC6D5AEAACF687DF71360CD4C9DF12CA47D894470242F2FA6DE361F19E9C2A36B56290DDD192CC76A646A2E7B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....2..........." .........................................................0............`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):7.019873850966366
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:n5XWPhWF5Ti00GftpBjvOemaqv1lP5dPsq:n5s2oikeuH5n
                                                                                                                              MD5:CB34F8D3A8C9038E14172E2B09C5A91B
                                                                                                                              SHA1:9A4748D8B30337ECF020B1171E016D7BA0690FD9
                                                                                                                              SHA-256:3975CA725AE8F6F635560329EE00E214F58D6A2C9E8D355756481F92C068CD43
                                                                                                                              SHA-512:C34AE4345DAA3843F41E2F70820E803EAF6AABA647C4892A63232D4BAC187C53CB54B02744027B77579744EF8024BD21E68E7E744321B99ABB89575940E81F69
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....4.z.........." .........................................................0............`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22328
                                                                                                                              Entropy (8bit):6.9207804800460835
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:HBPvVX0WPhWFoTi00GftpBjICemjlUGV4FO:hPvVXdBoi7encAO
                                                                                                                              MD5:B9A429A9FFB3C3309222E6A8FC7A0ADA
                                                                                                                              SHA1:B632D18582C8DD658B32D460D7F539C0EF4967A4
                                                                                                                              SHA-256:D62E2DCB011F08B416ADDAA11D07FC295427F57CA31B0098A71CC7ED6FE2E95E
                                                                                                                              SHA-512:8B082C164C8179717A9E554E0231C5BA39C57590C44B2B2F6C0149F4D26252939A634224032A4C5CFA123AF0E180C137998398058CC3FF300E2D054C66C17648
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d......L.........." .........................................................@.......6....`.........................................`................0..................8=..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l1-2-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):7.00406336589295
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:C318WIghWGS4eS123Ouo+Uggs/nGfe4pBjSrwlIWh0txKdmVWQ4OWbsqH7XJqnab:IeWPhWbEi00GftpBjbqemBUl+MgWgs
                                                                                                                              MD5:31E207B01E67B6563D2CF9110D06A1D2
                                                                                                                              SHA1:F12832E055C0F0D70FC44B4CB0215C17AA948332
                                                                                                                              SHA-256:6B31A206C051815BE9F7B366D2A9D2464747A56888A7307A924ECDAC558271E1
                                                                                                                              SHA-512:8A19324C8719AD6E7509DE44FE79C6614C064DAA47C4206A2B6BA4124B45BC4D8785CD51B8877C9AE5A1E0768EE1BBA8F98E8D8C17B700AA8DADBD2801035A92
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....3'B.........." .........................................................0............`.........................................`...L............ ..................8=..............T............................................................................rdata..H...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-file-l2-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):7.066127153945707
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:TV5WPhWFT4Ri00GftpBjP2emllnda+SDboWa:TV+s0oiUewSDO
                                                                                                                              MD5:F2D12342C68E51AA748D4937F3EC7DED
                                                                                                                              SHA1:22368CEBCE89FEB929004F73BD0F7236F7050E36
                                                                                                                              SHA-256:6BA964AD55822F55EEA14F73A48DEB164B337639A82DA677FC6EFC1C539FE81E
                                                                                                                              SHA-512:1E1440C97237716A6AC63E038D932EDD0E7962230BFD6956B8AAFA378B344DAF92DA696F0D1A57B0D71FEF3722296B0D02F59B0FC9551E7944C445CC6B2B26A4
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d................." .........................................................0......2.....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-handle-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):6.997631481949732
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:hEsWIghWG4U9vaedXe123Ouo+Uggs/nGfe4pBjSbnhiWh0txKdmVWQ4CWsXwcSqo:fWPhWF4XYi00GftpBjlemSlD165/c
                                                                                                                              MD5:B9F26EF46B152FA6CDCA3C64D30BD230
                                                                                                                              SHA1:3A8D178F69F3B1414D59402AE16D128CE8910AD3
                                                                                                                              SHA-256:69EBC1072B678643A9E64FF6455CC02880DA4B542E45F93D6D479FCCFB73C07D
                                                                                                                              SHA-512:7C11601F27B4CA51C3761C47E8928EA467DE4BDD3A9E928FDCA3CDE056CA71688BFE71103BEBEB4B52884CF1FB8FC408091901639802B087621E6E878A115529
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...."............" .........................................................0............`.........................................`...`............ ..................8=..............T............................................................................rdata..`...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-heap-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):6.972998071630693
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:KlYWPhWFlsnhi00GftpBjo4em+Zlnda+SDboUW:EpnhoiBeZ/SD0
                                                                                                                              MD5:2158D279CBFE7FFF860DCDBF7FAF7862
                                                                                                                              SHA1:7F08B640B2A9C1AE78BFEE4FB3127CF3AD050136
                                                                                                                              SHA-256:B41E478248FF99012F2D67813C1BA1B7CA41890289BB9027181C1238F6472E51
                                                                                                                              SHA-512:6400DD42AB0AF7E2533ADC25143A7824732B1F2971E4AAA43CBB046847FBD9A0240011A680F9929BE1154D5E9ECC473DAAB9E19B1D1BB4AA7356E3676B2FD6CB
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...TC2..........." .........................................................0......'.....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):7.018921805405587
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:XtWIghWG4U9Bu7B123Ouo+Uggs/nGfe4pBjSb8ehQTbWh0txKdmVWQ4CWLEJNr6V:9WPhWFxTi00GftpBjkOTTemUlUGV4o
                                                                                                                              MD5:60BABF4B2F09C6FDA643A4A78184275E
                                                                                                                              SHA1:2EA2E8A553FF34602148AA5209474744F322A17E
                                                                                                                              SHA-256:A934EE2BDA04576524C4B9E05186179AF388BCDF782AEF02878A342427F3361D
                                                                                                                              SHA-512:03C84584BF02102E7741DED0FE312FC86F41B8E41BEA9879CE071A01A56145B573B663806FBF0309349036EDF2913AB0A44ABC09C6104C18473DF3F6D78DE80E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...I............." .........................................................0......_.....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):7.031097339714167
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:AovuBL3BmuWPhWJTi00GftpBjiSd7emY8clDimMf+2A:ALBL3Bm/IoiYSd7edilG2A
                                                                                                                              MD5:6336D1AD4AEE213368B4912766EE0CB4
                                                                                                                              SHA1:CB34A716EA4ADFB719BBB6425D7FC27AD88A5633
                                                                                                                              SHA-256:DEF954361EBA9CA81693DDE0CEB108136CBC1B5C9E50BAFC62182079219D0735
                                                                                                                              SHA-512:0AE76580C24E50FB23B740103569386B876272E320164271A590B2605E80EB11054FE7AB41C4C64CB66E5092DF1032DECCB7E77DB217947EC68E65462B369D9C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....K&..........." .........................................................0......O.....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21304
                                                                                                                              Entropy (8bit):7.0011266872537385
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:gOMw3zdp3bwjGjue9/0jCRrndbJwWPhWF+L3di00GftpBjODlemel+MgWgyw:gOMwBprwjGjue9/0jCRrndbHzNoiWleA
                                                                                                                              MD5:9B43F5733A98E5C6095996916F889987
                                                                                                                              SHA1:01BA4D84CB2ADF3536C31B1C41375D141DCD2BA1
                                                                                                                              SHA-256:2B7E6B54EBC2B9556E2F75E7372D4B2D16758F928B79395B8A55C7ACDCA93341
                                                                                                                              SHA-512:B3497F31C155049C68B18D2F28383843BD8B8C078DB119C07D63EC1900A6204E266A3BC1503734FD85C3766BDDB25029880291E4F6060AFE5DF82717AF6AE092
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...!............." .........................................................0............`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-memory-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):6.996654920997192
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:ROWIghWG4U9nuDz7M123Ouo+Uggs/nGfe4pBjSbKKG3y1aFWh0txKdmVWQ4CWlsN:ROWPhWFLDz6i00GftpBj72GemlltLMu
                                                                                                                              MD5:30900C3D64CE91F0F746E39E362C6932
                                                                                                                              SHA1:A06271D1FA3FB0942CFE21481C0D3EC2A99800B7
                                                                                                                              SHA-256:1FCC4C3C6C688C02C4B61A4D054D45F97CBF8FBB34F8D306A9D455DB7D44F641
                                                                                                                              SHA-512:DCD11EB9B78BC328BE4004BF437006B49FBB5E6E57143AADD0010308EAD6FA745637FA51F7C04911EC0AA204B9476E2E26AAA52EA58451406F7854EFA9D05AAD
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d................" .........................................................0......'.....`.........................................`...l............ ..................8=..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):7.058960315301542
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:qtWPhWMDz6i00GftpBjkn4emyl1ILUI0:PWoi64eIoI0
                                                                                                                              MD5:601B09085998A04DC6DE2997361AB345
                                                                                                                              SHA1:902523060CB671545843FB6FC50CE55E7CA03A44
                                                                                                                              SHA-256:3A1BBD714BA09814A42B62EEF1ABD48C27F4C02C5B0C69975E017406E8037F77
                                                                                                                              SHA-512:F88A75D865BC6D6252FA0A902CA8473065CD200F4B9B0BF2587BD21A46522EAA0D0D32FD91B8D94E181365B3B95A91B7D218AEF21BE31F5E7337F3C1C458E99D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d.....I#.........." .........................................................0....... ....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19768
                                                                                                                              Entropy (8bit):6.971722158189517
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:gFWIghWG4U9DuDz7M123Ouo+Uggs/nGfe4pBjSb/ftRWh0txKdmVWQ4CWz1PUcqe:gFWPhWFPDz6i00GftpBjaXemU9lDimMK
                                                                                                                              MD5:8BBF592D45C8760F276C5621D255F923
                                                                                                                              SHA1:7F5EC1473438234DC6AAA8DA4041A6EE4ED411B6
                                                                                                                              SHA-256:C18FCF72B0B53BE9C41C5F8E60F1DCBE15F8A374880F2ABB9B5E8AAD17A508A0
                                                                                                                              SHA-512:4D46EA5D921704EFA7F9AF82E2164CB79B021795A4683A2A40F938411F1E486AA47CC0E71F7835D4006C965728153898D76F7BAE09205D2E305C8527D612CEB3
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....s.1.........." .........................................................0......U.....`.........................................`...H............ ..................8=..............T............................................................................rdata..T...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20792
                                                                                                                              Entropy (8bit):7.001811035215717
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:lWXk1JzNcKSIiWPhWFuTi00GftpBj1gIQemElD165/QjJ:lbcKSSfoigeWYt
                                                                                                                              MD5:8AB1B920ED85FC13CC4D1ED24F42BA26
                                                                                                                              SHA1:9FB5DD3202F1E1A3407DB1563548EA0369947145
                                                                                                                              SHA-256:C042B609479EAFBB7EAA98586F4178455ECE1DB9FFB441F7EC0F8026ED1D0DE6
                                                                                                                              SHA-512:F99D978D3001A847FD09B20C3C239D73FA9384775275851674B4117F404023E6833D8EB0B601892F3084A72D916F77EA367110B3D34FB7C9360BB18AD92E7364
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d................" .........................................................0......D.....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):7.0080682875416525
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:7tUDfIe03WPhWFY4Ri00GftpBjx5Aem+8lP5dP/:7le0MH0oiCeE5V
                                                                                                                              MD5:95B0EB891B1E869568A2BF9AB67EAB0F
                                                                                                                              SHA1:09CF1CBB3089FC418EB933D1B4611CCA0D4AD327
                                                                                                                              SHA-256:5129795D6E0AECA2FA56AAA56D71D2E9809C2AD77C14265ABCB51FE832105E00
                                                                                                                              SHA-512:7B2A74278FB7E51242006DC1E60D0E7CC3ED763EB4E7ED7E9DA87797EA81FDB05857DE838B745FAC03468F85C755FE86331746466C30F87F127172DE5524F057
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d................." .........................................................0......t7....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-profile-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18232
                                                                                                                              Entropy (8bit):7.0886056494369125
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:vNWPhWFcTi00GftpBj0emylnda+SDbotj:CpoiKeXSDI
                                                                                                                              MD5:26ECA2059F90E3E0C1F821048A8F0A2E
                                                                                                                              SHA1:84458A782841CFEC688DBE5DA0ABB39796722376
                                                                                                                              SHA-256:49D214F07ECED8A966E9CE102CD6A5FEC8C9BB47EE3F1D027C23A258142B44B8
                                                                                                                              SHA-512:3FECAE325659DD1FBCF8BC4AED6B6E9150F26663DB1ABFF2F6B8603978B74A96240A5B19F5B3CEED65DDD3758A69532C859D109F4A5AE289ACF56B307AF54171
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....9............" .........................................................0............`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):6.982409662796225
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:uGeV4WPhWF5Ei00GftpBjdarembpl+MgWgez:uGeVZ9oiDIeWsk
                                                                                                                              MD5:1CCB1DD1023C9DBE2D6CD4A758D5DA3B
                                                                                                                              SHA1:C668294B4EF0C67A0721FCE2EA39672D9E57D9D9
                                                                                                                              SHA-256:EF8814992833C056235CDFB04214758EC1E5BFC147069D005920F05A18056169
                                                                                                                              SHA-512:9F21746B825947F02F9609E495584B9BE77AF571D854CB895A534FD4F13509C88095AE8F86A3DDAF82F5F606B1BDEDA5FB36ACAC87BFE61187E4624E0C07B1AB
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....,............" .........................................................0......d.....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-string-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):7.029564358746918
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:YyMvvWPhWF4snhi00GftpBjCaemj7lP5dP5:YyMvkunhoiUaeM5n
                                                                                                                              MD5:2E06808FEB17F4764C97A48B68D0D021
                                                                                                                              SHA1:5BDE9F243B4AF105240DA1B2C79A62DAC82A57D0
                                                                                                                              SHA-256:AAA457E091A2737DF36849B0B403EEE22EA571BA09DC4F181C7177C2F254A6DD
                                                                                                                              SHA-512:A761225AD469A1C6E91100655F3CE339F44116FC304DF39194135F17AAC895177384CB0FED2DDC5724C7EDAAEEC3493B7046A2CF331CAFF9CB53D9B3CC84C0AC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d................" .........................................................0............`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20792
                                                                                                                              Entropy (8bit):6.948128964309112
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:XQdv3V0dfpkXc0vVaDWPhWFYEi00GftpBjMJEemQTlP5dPH:XQdv3VqpkXc0vVaQ2oiRejZ5R
                                                                                                                              MD5:3C20821810A4F17905B99B3172745C4F
                                                                                                                              SHA1:FCAF50570CA3A89DECFA1904FDB86421B6C7DEB1
                                                                                                                              SHA-256:A79597DBACD18716BF6BF0CFAA0C647B862165D48972937669BAC03A9D196F71
                                                                                                                              SHA-512:53BC39DF5AFC88CF369FCD342340373397D79E4ADBF5FA7A0BE13E4B61E748EADF46F10864D8AD0442BB5819FA3D83C8B81AF1F653A5A2EC16704A30806A9435
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....=q.........." .........................................................0......l.....`.........................................`...X............ ..................8=..............T............................................................................rdata..X...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):7.043248284547115
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:qtZ3SWPhWF44Ri00GftpBjxt2frzJemFlD165/Sl:4H0oigrzJevo
                                                                                                                              MD5:215C5909343C6EEF550C5BFB9859A542
                                                                                                                              SHA1:48174742989E4886C123157952F966528A4BE963
                                                                                                                              SHA-256:D95346A16D088E510DEF0EFF7CBDCB71D70ADF335D0A88A7838C9476590C8F8C
                                                                                                                              SHA-512:EC00CF8CE3D74BEE680B96418F3FE75BCFD2DE54441D7818FB62FAD73034B07BEF0AAE36DD0AC34FC85A9669636CDFA0D647E21A871A676FEBA09251A5F0FE15
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....7+..........." .........................................................0......[2....`.........................................`...x............ ..................8=..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19768
                                                                                                                              Entropy (8bit):6.975944066914076
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:WKIMFpzWIghWGSgA73Ier123Ouo+Uggs/nGfe4pBjSrneDda9IWh0txKdmVWQ4OX:WIzWPhWz3di00GftpBj5/emnl+MgWgG
                                                                                                                              MD5:15F80C8921E81AA123DA0FF1BCED46A4
                                                                                                                              SHA1:45D136BB672BB5AF43DB2F0CF4945912C6BA033F
                                                                                                                              SHA-256:5F1801102B5B865C8275588D1A983F6166CCC15794A0A96CE9534889173DA06D
                                                                                                                              SHA-512:5FE46F13656E225A09B0E88BF30C192567C4EC41D7C2B4D6BF522554F4D81E1CEC3D3787C6CDACDF90AD9D43C63DF7553687EA42B97C154E57E439257AB7BA66
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d..... ..........." .........................................................0......#.....`.........................................`...H............ ..................8=..............T............................................................................rdata..H...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18744
                                                                                                                              Entropy (8bit):7.069521590051636
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:+WoWIghWGZiAluZo123Ouo+Uggs/nGfe4pBjS/2nDPCWh0txKdmVWQ4GWo1PjSLE:boWPhWz0i00GftpBjjYem0l1ILUI
                                                                                                                              MD5:69D1C46B9927D1C7CAD8DFB5E18AB7AB
                                                                                                                              SHA1:1917BE91ADB466085678EBE036643CB187A7F4D5
                                                                                                                              SHA-256:23F035627ABED3460E6DBE8436E5B608C7C30F69091011F655F10EE49EBFD282
                                                                                                                              SHA-512:365DBC3811B9BC2417937E433B7B748080C3CA1F4FC1B361117DB46FD9DCFE49D948407DCA33CA75D307B0E7F7919CC3550CAA16E6950F10B0F46D16CBD36172
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...27.G.........." .........................................................0......q0....`.........................................`................ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-core-util-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17856
                                                                                                                              Entropy (8bit):6.980538694197709
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:XTSWIghWGQRZeS123Ouo+Uggs/nGfe4pBjSPmNREaRjkWh0txKdmVWQ4mWNcuEV9:XTSWPhWCEi00GftpBj5fyemAvlgCmK
                                                                                                                              MD5:C36C7004B0915EAC185E8BEE2B3D5BE3
                                                                                                                              SHA1:3DBBC4BE3024C3755C7A5AD7562362A943C0AA16
                                                                                                                              SHA-256:BB15CCFF99ECDD52CF0C5D178EE6EE445BD3192664775EA74D2FA1648B5D1B4A
                                                                                                                              SHA-512:30DB303F461EB11AFE6B83002D635E0ADF5E81A228EC680FBDF967A37744FB9E52F1D8A4BE2BFF694228B16561121D84C3E0BDA9C7437087579339856448BD2D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d..............." .........................................................0............`.........................................`...<............ ...................9..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19768
                                                                                                                              Entropy (8bit):6.988994249983393
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:nQXNVWIghWGZifIluZo123Ouo+Uggs/nGfe4pBjS/HTGWh0txKdmVWQ4GWz44RxC:AWPhWj0i00GftpBji8emcBl1ILUIj
                                                                                                                              MD5:3F14AADFAF34257F399DDB6C554D8A51
                                                                                                                              SHA1:695F7A5D42FD16109AD744A2B215DBD4543E2B84
                                                                                                                              SHA-256:EDF658D7655B524F5158B69A189D9715F87CEAC701A055ACC23CE608E4EA0774
                                                                                                                              SHA-512:002A34BB9210401270F321EB973AFD1FD807A3DC395FCD69ADBCABCA413D77EA748F78F70C61818DA52902A74D38FFC9A5B655887D9336A02355072B421CAE22
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...4Bq~.........." .........................................................0............`.......................................................... ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22840
                                                                                                                              Entropy (8bit):6.842503989249591
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:euydWPhWFDTi00GftpBjQ+emKClD165/v:N0oiJeFDX
                                                                                                                              MD5:E3495C380C381670908355181787D7EA
                                                                                                                              SHA1:30B2D379CF483E3394A462A5824092E555974F26
                                                                                                                              SHA-256:B353BD22B97FD3704557A99359C9EA0B4E0AD8B7E43B5E21700DABD1A1D84923
                                                                                                                              SHA-512:BE973074BE09FB0E11D4819C0A04D07DAAD5BF82D3B2C689AB9A5A6D74D39BD24CF526BCFD926F69F5986F0DBFCE2D3B4E21A2449AD8E6E9A8A2CFD52B572868
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d................." .........................................................@.......,....`..........................................................0..................8=..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):6.978251516704103
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:+WIghWG4U9P+4z123Ouo+Uggs/nGfe4pBjSbNDWh0txKdmVWQ4CWY9cqnajXagRO:+WPhWFt4Ri00GftpBj+emQlDimMuq
                                                                                                                              MD5:5746D1DC01F0A069F009ECD7F8738C41
                                                                                                                              SHA1:5D8696C5CFAB3B9C91806A95C9A84D539A4500A3
                                                                                                                              SHA-256:325E7BB5C8A3C7F9DB8698A570B7D9D9424A028D51F937A2DFF3DC5FF0B6E457
                                                                                                                              SHA-512:C73D63216F0BFDA185928172B737AA652BA30D88471B22C5161B162BD5D68D7B60C3B90AF648CC7C1C2B409AF416383DB106ABF8366733BA4C61F3F104C8DB41
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....be..........." .........................................................0............`............................................."............ ..................8=..............T............................................................................rdata..2...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20792
                                                                                                                              Entropy (8bit):6.986164311073545
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:Uq6nWm5C1WPhWFu3di00GftpBj1Zj9YemollP5dPR2:p6nWm5CixNoivZj9Ye75n2
                                                                                                                              MD5:C8211D9A8F2595C9EE6F75C9B6D5CB29
                                                                                                                              SHA1:F90EE7350A2D922F5AB614A43C81A42604A86306
                                                                                                                              SHA-256:B78607F566599E92BFA8FF5DE0F28C439207ABF17F274A045500A0D107287D41
                                                                                                                              SHA-512:846583349A448D2DF8B4A9957A72B6734B0E394135CEF6B03BDF197C6752C9E688E47C7D51CE4825F20F47D933FF9133B481B4DAEC6B0EC729A739B157617377
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d.....g.........." .........................................................0............`.......................................................... ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19768
                                                                                                                              Entropy (8bit):6.958565879190891
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:7Y3e9WPhW8snhi00GftpBj1Aemwl1ILUI:PqMnhoivAeSoI
                                                                                                                              MD5:28579CA40C9E19CC6DC23DFB8B6871CD
                                                                                                                              SHA1:804CDCCDB65AD15E016072B5D6F9843096140864
                                                                                                                              SHA-256:A57D8275C34C1094F6A4535E23C7BEE4759532E08776FF84C5FE487C0F925EB4
                                                                                                                              SHA-512:9489CDC3D5DF75DD2686EA82DD689AAE0A4FD503D2831091C10BC53820320B4947CD9F321501448D258B219516E5D9AAF6790F13189248835BA20B2F86674B9C
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...o............." .........................................................0............`.......................................................... ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):7.032684190357787
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:8WIghWG4U9CluZo123Ouo+Uggs/nGfe4pBjSbC1uWh0txKdmVWQ4CWbjp0KwqnaF:8WPhWFI0i00GftpBjB0emA6lP5dPF
                                                                                                                              MD5:4140EE5C6EA9F933C483615141FD54FE
                                                                                                                              SHA1:3EF9DA0DF943F56F1838853FC5406280B2823516
                                                                                                                              SHA-256:29ABDC8C5396132B004E6751464641B8F0562249333B2257A1D2EB4AECC8D9DC
                                                                                                                              SHA-512:1CC86A050DCD1619E9E2CC9AA37C76DA21E4A4D8F1700916C5FF6ED883D3C4218DF17B1980A4875C803F5A5DE5B80B45EBE5F0FD20B38726FE6CD8D8039D49A2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....!P..........." .........................................................0............`.............................................e............ ..................8=..............T............................................................................rdata..u...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):27064
                                                                                                                              Entropy (8bit):6.604912140554909
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:cQUbM4Oe59Ckb1hgmL5WPhWnbEi00GftpBjyW5nemzUlgCG:cRMq59Bb1j+9oivleIf
                                                                                                                              MD5:6C7D9C87AF17330357FDB7F39751080B
                                                                                                                              SHA1:3A1DD4A6290D0C9764E43F430BB447AE4CCE674D
                                                                                                                              SHA-256:6A9DD5A4E52C1AA0E341E35E9DC1A6FBF476EBACD64ADD3A53C146F019A9A4C6
                                                                                                                              SHA-512:D03B8C177B81DD7D55CB1C2DC76301D52FF6D0CBEF61398BFFD9D113814FA64801196414ABEFB2F635CBC3E28DE3960A47F4B6D6170FE252AC0642701DE75D27
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d................." .........,...............................................P......?.....`..............................................%...........@...............0...9..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):26936
                                                                                                                              Entropy (8bit):6.648173486549864
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:/lr65Ky+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWP3di00GftpBjRemslUGV4QRP:9ZKrZPmIHJI64iNoiLescJ
                                                                                                                              MD5:0CAD941678316DA4F162C2D65600F578
                                                                                                                              SHA1:B14D054E8F787E22B352AEFBEC819B381A64010C
                                                                                                                              SHA-256:ACB97F64896CB96CEA09C2A2E691A8E2302885150A0699AA0AC0593BCDC89E9F
                                                                                                                              SHA-512:2D505027A60B4D2964D869A69756242E537F064633DF63A4FFC45AA2DF0BFC9AC483AA4455ACEB7AFA8EBB30D5B685955AD4A14170C891CBDEE693C9CB601886
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...../.........." .........(...............................................P......_.....`.............................................. ...........@...............,..8=..............T............................................................................rdata...".......$..................@..@.rsrc........@.......(..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-private-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):71480
                                                                                                                              Entropy (8bit):5.831819666602258
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:e9MDe5c4bFe2JyhcvxXWpD7d3334BkZn+P77ocF:e9MDe5c4bFe2JyhcvxXWpD7d3334BkZ2
                                                                                                                              MD5:594E7962D7930D5D4578D7AC0E906A83
                                                                                                                              SHA1:6C28616880990D83174FB51F2F38C095273B8C69
                                                                                                                              SHA-256:31EA0991B7FAC73ADBAF2B9887BBF80353D78BC9A92618BB73E2B55F6BD4F1AD
                                                                                                                              SHA-512:5D993BF835147168E01BAF2E26FD18801F3B1D288E0BA01955BD94D7E3E5DEADE0183C3F5FEF4B8AE79996430E9F6879DD580B0FA1B421211E0869D5B759E027
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....(............" ......................................................................`.............................................................................8=..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19768
                                                                                                                              Entropy (8bit):6.973729005309984
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:eKcWPhWFJsnhi00GftpBjQ+cWem42jlD165/0bj:BdnhoiWjWeT2u8v
                                                                                                                              MD5:7C1742B5617456344965156C650AF627
                                                                                                                              SHA1:4B83CAE841CA3360ED998C48816EC4EA71CB86F7
                                                                                                                              SHA-256:E31FD2A662773F4B2D84D29DC312D5614992B8E1B700840A2F5AE539AD9A21C2
                                                                                                                              SHA-512:9FE82E00B1921E9566AE07226B7C4305AEBACD169E8CAE4A286183ACDB70391CE64CA62FB029DFF10A280775218FF0772E3FC953FC31B7FA2ACE518904CD5ED8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...r..E.........." .........................................................0............`.............................................x............ ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22464
                                                                                                                              Entropy (8bit):6.819163189814193
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:AtIPrpJhhf4AN5/KiJWIghWGQ9u7B123Ouo+Uggs/nGfe4pBjSPYf1TDBRzIWh0d:AtYr7fWPhWkTi00GftpBjtCemlNdlgC
                                                                                                                              MD5:F576FD38085005B4AB2FF1DACD293C48
                                                                                                                              SHA1:75074CFC7543B34F0BCACE916370413055DEE2AE
                                                                                                                              SHA-256:6E794D0FAD29CC5BDD5D0511FD923D3434ED122CFF0ED697903900C93C807582
                                                                                                                              SHA-512:3887BA832965E3BBE248002E926B0EA8374B4755E6B736C25850088287790E20052D3334000EB7AFC2C86FD2A14BA05D5E564C1BD811D8BAA8E524F4F7FCFC25
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....AN2.........." .........................................................@......J.....`.............................................4............0...................9..............T............................................................................rdata..D...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24888
                                                                                                                              Entropy (8bit):6.794427762926239
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:AZpFVhjWPhWF83di00GftpBjTQ3psemtNlUGV4/:UCDNoi9heuEcy
                                                                                                                              MD5:1CEC55E31418A818093C73E96BD41973
                                                                                                                              SHA1:69A57FB9C17CCFD607749D8E9C8E80792904EA44
                                                                                                                              SHA-256:513BB1DD16BE7491CED8FA2494B604257285F76062525685C2991391D0C048C3
                                                                                                                              SHA-512:31F0E1F4EC0E8B94F4FE403F182596839C916F5D810B8D81C1F399868D18C68192A1362F03F9983D92CB7B7C8575421DA12C345838321C95D056C20517EE9B55
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d....s............" ......... ...............................................@...........`.............................................a............0...............$..8=..............T............................................................................rdata..a...........................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-string-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24888
                                                                                                                              Entropy (8bit):6.789509023766346
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:16S5yguNvZ5VQgx3SbwA71IkFvsoi9eedilK:1l5yguNvZ5VQgx3SbwA71IYsomdb
                                                                                                                              MD5:E730CD977AC7F60F0824775E39C8FD2C
                                                                                                                              SHA1:FDFAF759A360293687BD2838B7D9FEB628EDAF5B
                                                                                                                              SHA-256:63DE06332E8FF15A5BFF699E70ED2537A9D273BA62463FA16265D261F3C5BB31
                                                                                                                              SHA-512:D6A30E82A061F7E5F27AAA928819EBEFFF2BB5963AB7D4BE33D41E0099576B1E7D0C671082FA08CE0E1BD8E89C4DC8AE427A22F0162AC05B8A0259392BB50FE8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d.....@K.........." ......... ...............................................@............`..........................................................0...............$..8=..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-time-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21304
                                                                                                                              Entropy (8bit):6.921367513935533
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:EgWPhWFGU4Ri00GftpBj3yemG/lmT9KJjpal4:CA0oi4ewCpA4
                                                                                                                              MD5:090027E2A3EF8D8EBF9CED36FDC7B492
                                                                                                                              SHA1:BC75462090E7B95A44C9D22DDEC394DA30D4B6E4
                                                                                                                              SHA-256:803B6F86F178E71F462DFDD6521C9F4791059C1FAB5DC86DE17C34C25E55F8BD
                                                                                                                              SHA-512:4BA291E44BE86AB8E2F3619155AD503D68E65F84EAB0870844C23893B5C169A1FE85FB1FEB6CD0BA692373D84B40DB3E8FCEC3AD231899A0F3FFBECC971FE48B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d.....[?.........." .........................................................0......b.....`.......................................................... ..................8=..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):19256
                                                                                                                              Entropy (8bit):7.03070962522908
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:jfHQdu3WIghWG4U9tu7B123Ouo+Uggs/nGfe4pBjSb/e4nWh0txKdmVWQ4CWkmub:jfBWPhWFdTi00GftpBjboemYul+MgWga
                                                                                                                              MD5:6BC85715C6A0006CDEFF1B3D7FFD796F
                                                                                                                              SHA1:FAC4BDF44990B06C7A1C2FFED214EBD710264B3F
                                                                                                                              SHA-256:7A578DD2CEB4387AE8F67F6A82AB553CA1570D1588AB6645859E5625585AF95C
                                                                                                                              SHA-512:A8ED5D78D973EFD248971795DC1E3A6E27421746D2C7D47740E846A7E19F3153E7A7E508327A20EDF9A2354DBC82DA6985E1E212474A066C905A00A32DE99BC7
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m....e...e...e..ne...e..na...e..n....e..ng...e.Rich..e.........PE..d...#............" .........................................................0............`.............................................^............ ..................8=..............T............................................................................rdata..n...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\awt.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1546088
                                                                                                                              Entropy (8bit):6.354026873272221
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:CU84nWJTUR2ZeQK5VBN4q/2SSaae45lV5gCKZYSNEb1:CU84WJQR2ZeHLdSVe4zXZSNM
                                                                                                                              MD5:9CDB58E2FAFBB05FD3ADFEB359ABC1BB
                                                                                                                              SHA1:0D8D69C0384B76CDF9C2B5C1C22D3D7DE3B5E3CF
                                                                                                                              SHA-256:D6AB80DBFA777ED41AD94B01F1B85C530898619F186B959762CE60FDB4474B14
                                                                                                                              SHA-512:C46B46F2A8609F1E7A91327CADF36B2E23BF30BAEA8E26ED885E36737E328A0C0A405C2B3436A78751351692C84EDEC57E700BFF747C6B3789E02916FB2389C3
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........-G^.L)..L)..L)..4...L)..((..L)..(*..L)..(-..L).#((..L)..(,..L).../..L)...(..L)..L(..N).#(-..L).#(,..L).#()..L).#(...L).#(+..L).Rich.L).........................PE..d....^.\.........." .................?..............................................5.....`.............................................p... ;.......`...L......d....|..h.......T:..@P..T....................P..(...0O.......................[..`....................text...^........................... ..`.rdata..r...........................@..@.data........`.......B..............@....pdata..d...........................@..@.rsrc....L...`...N..................@..@.reloc..T:.......<...@..............@..B................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\dt_socket.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):30568
                                                                                                                              Entropy (8bit):6.156236320585768
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:uRcqiTmAKTlsttwxZ3DCDRCj+R83hrSdO:uymAKWKzQR5a3hrSQ
                                                                                                                              MD5:D3929F28A7984D4B3B648DBAAC182CDF
                                                                                                                              SHA1:0D0C858B43CFF8689BB047268576E832E9C34DAA
                                                                                                                              SHA-256:0B4506B795210EF01B08BFC63192F3D3F817E1E67EA4CD187302DA63134DDF32
                                                                                                                              SHA-512:748EC763F80D073B2A1AC54FDB256115CEB64164220EB84212E11609A34348D99AF316585CC3DEFEBFDD77DCCCAFE13B57A74DD1B6257F4C7B1EC7A29E4E19E9
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C.."..."..."...Z...".._F...".._F...".._F...".._F..."...@..."..."..."..fF..."..fF..."..fFx.."..fF..."..Rich."..........................PE..d...\^.\.........." .....,...2.......0..............................................:.....`..........................................W..X...8X...............p..l....\..h............P..T............................P...............@..X............................text...6+.......,.................. ..`.rdata..>....@... ...0..............@..@.data........`.......P..............@....pdata..l....p.......R..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\fontmanager.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):427368
                                                                                                                              Entropy (8bit):6.28977114523433
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:N56ETyG58raiVSuIENJDmcT/r68OPlkT/oToDK8QudWQ/DK+hZS9:N56nI4Lp6NkTdwaW0q
                                                                                                                              MD5:0E3A9B75CDD987E46623AAD4FBD99CBB
                                                                                                                              SHA1:6EC6DA87B9D79DFDE96B7CB6164EFCE0BC4B8BD0
                                                                                                                              SHA-256:84C3BB3F47705CC2D21BA5B9703332EF3DE9DC1CCF02098221E57B906602CEF1
                                                                                                                              SHA-512:F8E28B2532DEFF2299BE51541B161B74ED789016A6A04E16F21A95F0AE2CCD69ED2D39233B551931C61BD7D7A7F94AED5AE7CBCB133BA8F03E2A961698C028C8
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^.9.?.j.?.j.?.j.G!j.?.jl[.k.?.j .uj.?.jl[.k.?.jl[.k.?.jl[.k.?.j.].k.?.jU[.k.?.j.?.j6?.jU[.k.?.jU[.k.?.jU[.k.?.jU[Mj.?.jU[.k.?.jRich.?.j........PE..d....^.\.........." .................................................................8....`.........................................0 ..p....(..T................0...j..h.......$...0...T............................................ ...............................text............................... ..`.rdata..l.... ......................@..@.data....G...@.......$..............@....pdata...0.......2...2..............@..@.rsrc................d..............@..@.reloc..$............h..............@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\freetype.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):517480
                                                                                                                              Entropy (8bit):6.638063585166495
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:fNCLRcUtRUGt5G4SRzfQhj7y0fEWmJnX1:fgLRcUtRp5FA++ZFX1
                                                                                                                              MD5:8264E86C114DB572F28C260C9E05BC81
                                                                                                                              SHA1:FF3BEFE518617B909734E008E2C7ECD3993F95CA
                                                                                                                              SHA-256:2E865DFF0E1F361A40815C01C6A840ECA83A5E15554F03E432DD08ED8CD3B2EB
                                                                                                                              SHA-512:818BD6FFA8A45E342C671D4F36C8CB7466160CFDB013EA214C4DAC81D69961922F8F49166FFB4F9FA8B50188E899A879F6175494FC14031808FFCC65E5D1394B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F(S.({S.({S.({Z.{].({..)zQ.({ .)zP.({S.){e.({.9.{R.({..+zW.({..-zY.({..,zY.({..,z".({..(zR.({...{R.({..*zR.({RichS.({................PE..d....^.\.........." .....@..........@F...............................................l....`..........................................S..8....f...................W......h.......d.......T............................................P...............................text....?.......@.................. ..`.rdata.......P.......D..............@..@.data...@....p.......b..............@....pdata...W.......X...d..............@..@.rsrc...............................@..@.reloc..d...........................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\instrument.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):46952
                                                                                                                              Entropy (8bit):6.345379277306636
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:qUD08DbyixSytu2Lwsqx6upcIns5E2Dg0xB3BnEakCJwvsm4Baj+FS3hehLn:nV+StFOqTEfCvLBhs3hehD
                                                                                                                              MD5:82D1501C691F3C64ED02E604811991B0
                                                                                                                              SHA1:B0E5B2CD7382C2FB5EE647560FAF63D157D31471
                                                                                                                              SHA-256:B71E6F128A5DBA4F8A0D71D513A1B294708B29E55ED6A3F75C3E10BF3DA985B9
                                                                                                                              SHA-512:95666041F4577CBC8DB9FE28DC71867838C9EA035C1E88E8ECCBC9359E463E44BD2DEA385EE18B220FE9B6D921DA12AED4CBD97ED450C74E934806DBC94C52B9
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=8t.yY.}yY.}yY.}p!.}sY.}.=.|{Y.}.;.|{Y.}...}{Y.}.=.|zY.}.=.|sY.}.=.|sY.}.=.||Y.}yY.}OY.}.=.|uY.}.=.|xY.}.=.}xY.}.=.|xY.}RichyY.}........PE..d....].\.........." .....^...@.......a....................................................`.........................................P.......,...........................h.......$...`...T............................................p...............................text...v].......^.................. ..`.rdata...*...p...,...b..............@..@.data...X...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\j2gss.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):46440
                                                                                                                              Entropy (8bit):6.210740495985266
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:wrapOyRGQGyonBP4WrvlRci6l32jFCG+FyDU1M2aRw3gj+yuR3ht1:0vpLblSi6l32jFCG+YDU1M1Rw3rx3ht1
                                                                                                                              MD5:974A4D88A376E254368A9A0EAB271DD8
                                                                                                                              SHA1:93CCD9A3B812B9A2FFCF25C42ED28BBEEA323BD6
                                                                                                                              SHA-256:BBCB09705CE6C2265850B7BB44F1A3F7AE55CC41E6020624725613FDB8644179
                                                                                                                              SHA-512:3E341B98B717E6806E6C4CFC2444AE39F892C252B6C71D68C5AA009B68AB388E39A9DC29DB8E3B0B2F8B39254A2E6D8EF150EDEC23D3974532D79E1B2251DAF2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.U.............`4.....a|.......z..............a|......a|......a|......X|......X|......X|X.....X|......Rich............PE..d....].\.........." .....T...J.......V...............................................+....`....................................................x...............8.......h.......$.......T............................................p..X............................text....R.......T.................. ..`.rdata...2...p...4...X..............@..@.data...X...........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\j2pcsc.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):22888
                                                                                                                              Entropy (8bit):6.144575704995709
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:zXuXd0Utl2nuzLpFf+r+mBQoHUr9Vj+oT8JN77hh/97hn:zXyJtlD98qmehVj+oI3hHN
                                                                                                                              MD5:D75503E4C5E9C22837DED35E84DD5A01
                                                                                                                              SHA1:2488CA5446483263B5DF82BDE63C9155BA0A20BB
                                                                                                                              SHA-256:8442664C2D16D2F7EC59288299C493A268F5C12D6C2D3BA542911041D9497974
                                                                                                                              SHA-512:729C6046D5E579FEF2FE840C0D2443D6B218F7208A8E545DBECC00BB86ACB244DEF49101986E907426E9666F8A4F3AEC7B3A5C4AA105A9627E798EB8C9131209
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'a..'a..'a.._.'a.IC`..'a......'a.ICb..'a.ICd..'a.ICe..'a..E`..'a..'`..'a.pCe..'a.pCa..'a.pC...'a.pCc..'a.Rich.'a.........................PE..d....].\.........." .........$......8...............................................t.....`..........................................8.......;.......p.......`.......>..h...........p2..T............................2...............0..x............................text...&........................... ..`.rdata..|....0....... ..............@..@.data...8....P.......2..............@....pdata.......`.......4..............@..@.rsrc........p.......8..............@..@.reloc...............<..............@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\j2pkcs11.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):69480
                                                                                                                              Entropy (8bit):6.263627105798803
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:YK3SKmN4L3XF55OBY5xMYg1n1KFezPlN9xV6FSP59XvhRFPSe3MbkeV1cFsPUNhM:nhRL31Oa5x81nBPliUli7RZ7
                                                                                                                              MD5:6CDF625ACA8A776A9D7396CFC4A59319
                                                                                                                              SHA1:F92295424F3C790A23ABEE09EFB136A2F3C565B1
                                                                                                                              SHA-256:15EDB797DCBBD4741340B7CA401ECC3464A153FB702F2C74762C6BC7C4A11A52
                                                                                                                              SHA-512:461B1A4BBFC59F18E03C9E7B658D49D3DE360F8B43817471E71812FE51FB75B4538F74571E4E66E4AA67FCDD4C69FE91D93BED43768D30B62F2783D9C800C5EF
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-..s~..s~..s~...~..s~&.r...s~..r...s~..r~..s~&.p...s~&.v...s~&.w...s~..w...s~..s...s~...~..s~..q...s~Rich..s~........PE..d....^.\.........." .........N......X........................................@............`.........................................P...x............ ..........|.......h....0..$... ...T............................................................................text...F........................... ..`.rdata...5.......6..................@..@.data...............................@....pdata..|...........................@..@.rsrc........ ......................@..@.reloc..$....0......................@..B........................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jaas.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):24936
                                                                                                                              Entropy (8bit):6.1362917896317155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:O4M6TDKXvmgKGW4FgXO97oGUVoj+bSJ8JN77hhuZ:FMmgbgGcoj+bz3hsZ
                                                                                                                              MD5:4C5E658FFD7BBE15AF1B955F70B960DD
                                                                                                                              SHA1:B24964CC334F5DF4AED231A2628D64BFA6642FDF
                                                                                                                              SHA-256:83468796A5B40D6ACAE48218268E7A9D2EBE527F6D892F903A0A3FE7561FD804
                                                                                                                              SHA-512:CB8719D5F4F6E36FDF11E0942E8607BABB3E45282920690214230F5E34FA771D96F3235AFCFE69164633BFC8EA524CDF008AD3005C48156E04226C83B65D71DB
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............W...W...W.eW...W...V...W...V...W...V...W...V...W...V...W...W...W%..V...W%..V...W%..W...W%..V...WRich...W........................PE..d...9^.\.........." ..... ...".......$..............................................;.....`..........................................>.......>.......p.......`.......F..h............7..T........................... 8...............0...............................text............ .................. ..`.rdata.......0.......$..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc...............D..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jabswitch.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41832
                                                                                                                              Entropy (8bit):5.793665134529016
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:EfOzgxxpZnEmtloHsWYJGGbnNfr8Zps3BijPj+5l3hlaH:EfjEmvoMWYJJ5frLEj6P3hlaH
                                                                                                                              MD5:3D70A9AA3DF785AA808F19AC0A798B95
                                                                                                                              SHA1:A66663C18D689F6A679F73C127D305152A2B7DAD
                                                                                                                              SHA-256:896239F3E8ABCADF8E75CCD1E3E60A409CDA2D1733F1D5A9C32FC5C9746DB532
                                                                                                                              SHA-512:7240799F9588100F63A983023A6E6D11603DB8C732914730BB369707CAEEC41D0F21EE6E7DF1C813E16B2F1A5C080A035DAAAD818949259F362309DAD8301DCC
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..(m..{m..{m..{d.>{}..{..zo..{..zn..{..zq..{..za..{..zd..{m..{...{..zl..{..R{l..{..zl..{Richm..{................PE..d....^.\.........."......:...J......<2.........@....................................C.....`.................................................D{..........................h............q..T...........................pq...............P..P............................text....9.......:.................. ..`.rdata..r7...P...8...>..............@..@.data...@............v..............@....pdata...............x..............@..@.rsrc................|..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jaccessinspector.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):102248
                                                                                                                              Entropy (8bit):5.942880525330835
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:cEbNa3Rjp18Gmne9pga0UBYir4cxN3x5Q6uy+O9eyyKxKyXveF6PZWKZpYjdANSI:ceNa3Rjp18Gmne9pga0UBYir4cxN3x59
                                                                                                                              MD5:C065274F77C1BD2F4B68578F266887B1
                                                                                                                              SHA1:2AC1BBB286281912B39C96CC7D993A2B21A96B56
                                                                                                                              SHA-256:3878F82B0A7D0EC578558CBC2492DE3E8D4E9E0D057095055913CC48DA53BC7D
                                                                                                                              SHA-512:6731AC92C6FE70C8C54AC0F940C33367DF3A5F9A2E79B19555245C45E01286A5520B81F5143C577728830A325C794468006751FE5CA7EBD13F25446F9249F5DA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.Q.............`4.....H|......H|......H|......H|.......z..............q|......q|......q|X.....q|......Rich............PE..d....^.\.........."............................@....................................B.....`.................................................dL..................<....t..h.......h....9..T....................:..(....9..................8............................text............................... ..`.rdata...K.......L..................@..@.data........`.......B..............@....pdata..<............P..............@..@.rsrc................`..............@..@.reloc..h............r..............@..B........................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jaccesswalker.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65896
                                                                                                                              Entropy (8bit):5.942949499387325
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:vGCFAWsuqTThQZSuA60UBD/edBMo3xKrJlB1bYLvvHs1y3456Vw+R+s81t6YWYgG:eCFAWsuqTThQZSuA60UBD/edBMo3xKrz
                                                                                                                              MD5:5D42DE65DBA530FFE7E52630D49BB09E
                                                                                                                              SHA1:8881F581BECBC603309B7D932C9CA30B39B7B12C
                                                                                                                              SHA-256:2625E470656A51197FAD846FC05CEE19D255261658A947359545736796C57B55
                                                                                                                              SHA-512:2AFE19C4630485E7FE176A2B17E19ABD1FCB98EC0E7EFAE7F91D4B0E9AFBEE24817E17823B33F2093E57EA6EE4197BB7E3EF58D83D7A9858832B29562DAB1E69
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!M6.e,X.e,X.e,X.lT..k,X.HY.g,X.H[.a,X.H].},X.H\.h,X..NY.l,X.e,Y..,X.H\.d,X.H].a,X.H..d,X.HZ.d,X.Riche,X.................PE..d....^.\.........."..........d.................@.............................0......p;....`.............................................................(.......@.......h.... ..P.......T..............................................X............................text............................... ..`.rdata...7.......8..................@..@.data...`...........................@....pdata..@...........................@..@.rsrc...(...........................@..@.reloc..P.... ......................@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\java.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):148328
                                                                                                                              Entropy (8bit):6.4212938162838125
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:8X7p/aN4xkeOzT3JWlTQqt5BzY8Io3rYQ2YTEo6j:8XdNwTA2qtgQb0j
                                                                                                                              MD5:43792B0FF1E70C5E30B9187FB4772D16
                                                                                                                              SHA1:9EBD52D809489B2A4C1533C9B29817E07F96158C
                                                                                                                              SHA-256:5B751AA1580D5604B8EA3387BA6FD9E6DABCE88E43A68D8DEBC52B1A80252D62
                                                                                                                              SHA-512:ED3DE7878E8C1F65D30068D846A3E68B4CF4CE522B605529583FE5237D9088D99491791F7A9E893310CAFAE055576DC569C980C81CE31D66BC4259F796168FD6
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*..K...K...K...3...K.../...K.../...K.../...K...)...K.../...K...)...K..(/...K...K...J..(/...K..(/...K..(/q..K..(/...K..Rich.K..........................PE..d....].\.........." .....Z..........`_.......................................`......,g....`..............................................=..T...,....@.......0.......(..h....P.........T...........................................p..p......@....................text....Y.......Z.................. ..`.rdata..h....p.......^..............@..@.data...P...........................@....pdata.......0......................@..@.rsrc........@....... ..............@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\java.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):51048
                                                                                                                              Entropy (8bit):6.2958309632390215
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:N1FBcLAuDeGJiqrmehiVSrmaBP39VHk5Xj+EM3hP6:Nj7qjh3rmKPNFk5yP3hP6
                                                                                                                              MD5:B78509E179BCAB6A5EB03667DCC14F3C
                                                                                                                              SHA1:FE1B36DAF07D331DEDDE6C805D3169C56BEC0ACA
                                                                                                                              SHA-256:6D99EC9FC4EBFA1F69185DEE930178C45E3834D7663566FB1DC139DD89FAAB17
                                                                                                                              SHA-512:4C839A7506B867F90BE1783F44996D5E7039C4B4E949188F12F1BDDCFE68E984E2E3DFA17042DAFA7990A5C9CE3A77FB8A617A7041B2027196C11A465197E136
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".................(..........@..........................................`.........................................`(..@....(.......P..4....@..h.......h.......4...."..T...........................P#............... ...............................text............................... ..`.rdata....... ......................@..@.data........0.......$..............@....pdata..h....@.......&..............@..@.rsrc...4....P.......(..............@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\javaaccessbridge.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):226664
                                                                                                                              Entropy (8bit):6.283251291144428
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:m72RAN99A3nCmZlonyy4bwe0DEvbrPzEw/bE1rT5Ki8h7U/yNh7IGLKLLUwrxmBR:vy99A3CmcnYwe0Dkh7K/j3m
                                                                                                                              MD5:EA6DEC87D95C11577D097CB20B988E03
                                                                                                                              SHA1:B7295A5B824558713D1032A25B901525DD056CE6
                                                                                                                              SHA-256:EAA9FA619CB23BEBCD9A6FAD1D0DC9F77ACCD0EE6DA0E2A203CE036C54AC59B0
                                                                                                                              SHA-512:4BCB700464768EAA05A278D343B7F9480E3338A19E9FDBBBA3BCFB7DF2F4AB73DE8385F902088A5898AA0C88EBDDDC5E46E7CB171A76B3A028947533616B7E12
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;...................u.......v...............w.......f.......o.......}.......z...............z.......~.......~.......~...Rich............PE..d....^.\.........." .................................................................v....`..........................................#.......-..P.......X....`..H....Z..h.......D...`...T............................................................................text...`........................... ..`.rdata..............................@..@.data...X....@.......*..............@....pdata..H....`.......4..............@..@.rsrc...X............J..............@..@.reloc..D............R..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\javajpeg.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):174952
                                                                                                                              Entropy (8bit):6.457998463920378
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:jIaMu3Dh0nw8+ZRhbhNwLqpdlGm3az8pbmdevIAtuPzfC5kQ/xj/IcH:jIaMu3iw3HDwLqMm3az8pbMez4PW5kK/
                                                                                                                              MD5:60483F007324830620CE3784CBC1252F
                                                                                                                              SHA1:8BEFDBA11444C09CFBE9688783D1E799E2D218FB
                                                                                                                              SHA-256:FBEE72D36DA500DC9C88258D5877B19AFEFB1D692EB5FA4A4513CC2756C0B403
                                                                                                                              SHA-512:F49C826CC9D8BF911D8A0990B81A42414A1B0D7048EF3F4EFFAE76A098F79EF4DAAD32A0CF6D42F2E50E35054C4310719789AC7EBF67CDC0E5F8742C5D32198E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l..B(..(..(..!... ......*..[...*....G.)......+......#......".....+..(..............).....).....)..Rich(..........................PE..d....^.\.........." ................ ................................................{....`..........................................s..8...Hy..........................h.......$... I..T............................I............... ...............................text............................... ..`.rdata..X_... ...`..................@..@.data................j..............@....pdata...............l..............@..@.rsrc...............................@..@.reloc..$...........................@..B........................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\javaw.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):51048
                                                                                                                              Entropy (8bit):6.303876064462379
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:oFptZso2mLAuDeGJiqrmehiVSrmaBP39V2c5tj+rmk3hePw:oFpny7qjh3rmKPNIc5Myk3heY
                                                                                                                              MD5:D88ABECA461411366CF19B05B99528F0
                                                                                                                              SHA1:1744BBD4B15314597D3764EC006179B440267E29
                                                                                                                              SHA-256:5EB6750E620D449EC40F8D4B80F98C0FCEF9C4100736F844E2F6097985809307
                                                                                                                              SHA-512:C3FDED4F51E08BC035C3923E8A17507C021477C6A0102DA9F6122FA7499286C518EB022E15E7BB9621E39A8A039D1C6D78588EB5CBCBE66EFF70B53A35DFDB35
                                                                                                                              Malicious:true
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"Y.C7..C7..C7..;...C7.|'6..C7..!6..C7.|'4..C7.|'2..C7.|'3..C7.E'6..C7..C6..C7.E'3..C7.E'..C7.E'5..C7.Rich.C7.........................PE..d....].\..........".................0..........@....................................V.....`.................................................X(.......P..4....@..t.......h.......4....#..T...........................`#............... ...............................text...X........................... ..`.rdata....... ......................@..@.data........0.......$..............@....pdata..t....@.......&..............@..@.rsrc...4....P.......(..............@..@.reloc..4...........................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jawt.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):18280
                                                                                                                              Entropy (8bit):5.978762886599994
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:65dEC9CMe1nrvXNYdW64JsYnXYvy+/WMbL1tJx+wkFIAHfH0JOqsmVgz28WhBqdw:jiGXNsvRo0yixj+d38JN77hhIw
                                                                                                                              MD5:A857F7B9A845A63EC972B93912B8AE20
                                                                                                                              SHA1:6C59762A29C6B131E41F526F02CDA9FF9B871C47
                                                                                                                              SHA-256:60F7149C6A5E9F344492499DDF30A25BBABF0620A723B73145DE6B613EDBC8EF
                                                                                                                              SHA-512:9F1FDD3E8234450ED7505A34A67ADFC263DC5DE1CD84705BEF184A379631E85FEDC5B5A54E9D545C67F0A781C56355EED3D357202E5CCAF5A309C90CB4D02059
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Lf.V-..V-..V-.._U..T-...I..T-..%O..T-...I..T-...I..\-...I..^-...I..U-..V-..p-...I..W-...I..W-...I..W-...I..W-..RichV-..........................PE..d....^.\.........." .........................................................p............`.........................................`'..H....'..d....P.......@.......,..h....`..$....!..T........................... "............... .. ............................text...f........................... ..`.rdata..F.... ......................@..@.data........0......."..............@....pdata.......@.......$..............@..@.rsrc........P.......&..............@..@.reloc..$....`.......*..............@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jdwp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):214888
                                                                                                                              Entropy (8bit):6.3689612827793445
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:bqOh+Z8kWDpkher3yHoIc5fThMvKI2NDE7DatqBCl9g2BAwGNvw8nd07uIk/ZsLn:bqOkWDpkhejyIIc5fThgKI2NDE7DatqG
                                                                                                                              MD5:5C272E16B15027F1253AEADE2663E926
                                                                                                                              SHA1:6DB577A8200031C46E52F0387270873512306098
                                                                                                                              SHA-256:B3821AAD9EE689C35C7AFA77BC8A84487507AC19F6AA5CA9E7BCF0DC464520A5
                                                                                                                              SHA-512:FDC4A96A3F7F42373833EA39CC4E15DF5D0DDB161398FAF1910121360FBC23E712B493E3AD8D996D0111C065F71C6A63BC73071E102FAB7C990D66DEE99F4CF6
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.C.b.-.b.-.b.-.k...p.-..,.`.-...,.a.-.b.,.3.-..J..a.-....a.-..(.i.-..).h.-..).H.-..-.c.-....c.-../.c.-.Richb.-.................PE..d...\^.\.........." .....|.........................................................."....`..........................................................`.......@.......,..h....p...... ...T............................................................................text....{.......|.................. ..`.rdata..r...........................@..@.data...X.... ......................@....pdata.......@......................@..@.rsrc........`.......&..............@..@.reloc.......p.......*..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jfr.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.0185826447008735
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:UfQWZJ7CZs36PlAObFyk5Avj+EJ8JN77hhNTz:EIZQiFyk5Wj+EW3h7v
                                                                                                                              MD5:C94800DBC4D0C88C2147C78A11EAE046
                                                                                                                              SHA1:980F00F8836917504F677F09C472B32D3FFFA1B4
                                                                                                                              SHA-256:C781B69A6594601F7ABBA51FAE7D10E7386F6497D87048592DC5DE78478A875D
                                                                                                                              SHA-512:27F2299609980B8EECF2DBC78F9A1F1A41F02613CC52EB7940C9B5918945CE95D72EE98BB3778F23ED399FF9990FE6BF5F0E0201B8CACFF2DBC36A81B4D2216A
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d..."^.\..........".........."......,..........@..........................................`..........................................(..@....(.......`.......P..h....6..h....p..8... #..T............................#............... ...............................text............................... ..`.rdata....... ......................@..@.data........@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..8....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jimage.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):31080
                                                                                                                              Entropy (8bit):6.1446645428202284
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:0XccQfXSpQFrUx4XqJ+lijsBIFF4CA5sv0LlAv/04Zj+UmS8JN77hhVu:gwSpQFrUGXBijnZAsDv/zZj+Um93hbu
                                                                                                                              MD5:996CE56EA7658063841C7E734ABA304F
                                                                                                                              SHA1:A14F833C2879B8353D170CFA1F9A7615220628CC
                                                                                                                              SHA-256:032E90BEC7D873E206A62AD62D4CECF5EECCE3CE76E14C5CF1929C2C99D7E571
                                                                                                                              SHA-512:7231C6F21526AE2E44C72F28B9A5FCE2FEC6B74DCA5278E1E278D4A6EFF7831C82B0E9985D1672EEFBD8AEE655FB1C923E8AD8FFF64D4F6D5BDE0EF2EE3CB96F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........DK.*..*..*.....*.9.+..*...+..*..+...*.u....*.9.)..*.9./...*.9....*.../..*...*..*......*...(..*.Rich.*.........................PE..d....].\.........." .....0...2.......6..............................................Q.....`..........................................R..@...@S...............p..D....^..h............D..T........................... E...............@...............................text..../.......0.................. ..`.rdata.......@.......4..............@..@.data...0....`.......P..............@....pdata..D....p.......R..............@..@.rsrc................X..............@..@.reloc...............\..............@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jli.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):85352
                                                                                                                              Entropy (8bit):6.6827384955114155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:9IrQCTq5Lua9U/TgP72L7AGv7XIOhAPwT5fK5inToIf9LtvxTIf0n3hdf:9ItTqRu8G67Z075iPwT5fK5uTBf9Lpxx
                                                                                                                              MD5:A74502F0F4A054B32B863983F75900D4
                                                                                                                              SHA1:16D51CF67B14D1D38E7A85011616E72E68DF6B32
                                                                                                                              SHA-256:389E0B457DC6D67361D8A6D17CB61F7A40781F73021893E9E7ABCF5437E8F494
                                                                                                                              SHA-512:3E761A4CCCA43E30507F63ADE091292BE12AE00BAF2F80C5590DA3BC17C3E018A11C647E5AFB713D8204B299E23683D1A4449A04D5E9462F8872286373A07EC7
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n{..*...*...*...#b(.&....~..(.....|.,....~.......~..!....~.. ...Yx..!...*...M....~..%....~..+....~D.+....~..+...Rich*...........................PE..d....].\.........." ................4.....................................................`.........................................P+..D....-.......`..x....P..P....2..h....p......p ..T............................ ..................`............................text.............................. ..`.rdata..,i.......j..................@..@.data........@......."..............@....pdata..P....P.......$..............@..@.rsrc...x....`.......,..............@..@.reloc.......p.......0..............@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jlig.jar

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2561870
                                                                                                                              Entropy (8bit):7.950659254289803
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:AZ0jAp98ICzLWQdFVjT5b8bi8TZm8ystPC0wgvriDBO8lBJrkZJvNE+GCeaW:M0c8ICnXdFpUZPhtPCTg+zB6vN9XW
                                                                                                                              MD5:8C5E90C2782307485B6C4DF21C345C1F
                                                                                                                              SHA1:16C707A88219839A1C810BAC89E8F55B9F2C879F
                                                                                                                              SHA-256:23A4CDC37AD980D00567B3B3C5DC8C24862BD0036C2EC7A76B4F2B40DD2F5E27
                                                                                                                              SHA-512:702EA5B6072FB86E59A982B7305295613D1AA40C704A7B4896610DFC9395D752DE33C889F450FB4F858BF157FE79E787702DD022396E402F0A57D6FB2FCCABC6
                                                                                                                              Malicious:false
                                                                                                                              Preview:PK........i~;Y................META-INF/MANIFEST.MF.....M..LK-...K-*...R0.3...M...u.I,..RH....())H..H.K.I-........y...t..K2...x.x..PK......M...S...PK........W..Y................com/PK........W..Y................com/httpb/PK........W..Y................com/httpb/computer/PK........W..Y................com/httpb/computer/Auth.classuVw@.....$..8l.0..#@..S.`cp..M,.A.Gv.!....".l.t$i...M..t.N....q.Mw..{.{.~w....C.w......{.'.>v.@...\.+..q..e%..|J.-3..H[..<..c.Q..5b#...13l.x.N.,.8S...3.5...Eb.k..2....n...2.p.P..]...(....C...@$fv....d.1.5.T .6..F2b.g.=.h$%P......h....P|..qt..6p9.....F.5....3,.R@..W..%V...kIC..$S..4,QM........#.I4..H4....I...I1.C.%6......$.HI.m...s......Q...c..H......{I'$.'uH.H;$.I;%zI.$.H.%.I..,..#q#i..!R..sH.K<..O..... i....[b..#.D.^.1...Qz....._"A: .$.HP#..Q........!...6H...Q.M./'5K.Bj....Y.U.-...Z%^K.*.z.........HG.Cf.R.I.x..v.....P....q.".................M.D...yq..mx.....<9fNX]1.Y|].]..w...f.....cn..;`.P6,...x...H+.......I.C.....I.L...V..-#|d..

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jrunscript.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.030713640159886
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:w5vQWB7Sa3uzSErFbFBk5A2j+XX8JN77hhT/B:l39FBk51j+Xc3hZ/B
                                                                                                                              MD5:593120B6C82023CA2DB7CED737B638FE
                                                                                                                              SHA1:F4CB3451665A8E796727472B98442155875A02D3
                                                                                                                              SHA-256:52C708FF1913720201D27870833C2EF1330E0F17B54546013244E130182C5DF1
                                                                                                                              SHA-512:C07F3AC8C004944CF41B801A4A5170CA7D5079940BE7C8BD3C95C4216EC894B6A68EAF07A9E76A570AEB52A161585410E3E795028F595237D8EDB455842973F2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".........."......,..........@..........................................`..........................................(..H....).......`.......P..h....6..h....p..<...P#..T............................#............... ...............................text............................... ..`.rdata..V.... ......................@..@.data...(....@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..<....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\jsound.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):58216
                                                                                                                              Entropy (8bit):6.448665141940965
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:WwHwnkTidqNTu1MZnq87A4YjQ5+ki43SXqhm8SEYq9RFWePyNySj+hAL23hUD:WvwcuZHAjkcEYCWePyNypW23hUD
                                                                                                                              MD5:86255DAAB96F901D9D114462CAE890A5
                                                                                                                              SHA1:C0CF2C8D74341A899847391F3E81F8E35EBE6A2D
                                                                                                                              SHA-256:11CB2C2C1E1A3D21275020456378A861F8BC1D5662EC0637B1C9059523F6C740
                                                                                                                              SHA-512:AA36442EC9D44905A8E47D28E319666FC14A0584F7A6D7C3A12993FBAFC314E99F728C1969B951C70280F73C7334A99102FF466E7B047D5472FD09CB99E1829D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qA,.5 B.5 B.5 B.<X..= B..DC.7 B..DA.6 B..DG.' B..DF.? B.FBC.> B.5 C.U B..DG.6 B..DF.; B..DB.4 B..D..4 B..D@.4 B.Rich5 B.........................PE..d....^.\.........." .........T............................................... .......h....`....................................................................T.......h.......D.......T...............................................0............................text.............................. ..`.rdata..@/.......0..................@..@.data...............................@....pdata..T...........................@..@.rsrc...............................@..@.reloc..D...........................@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\keytool.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.0174753000435075
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:fQfQWZprCZs3y5bCodbFyg5Aaj+Uv58JN77hhMw3S:Y4ZPUohFyg5nj+UvG3hSw3S
                                                                                                                              MD5:C327A6038664C95B6F32C51BA42AA1B2
                                                                                                                              SHA1:71BBEA9B75EC685A2EAEF7808AFF92A20EF5FF31
                                                                                                                              SHA-256:0A47F893C8654304C622AC65D920CB02FD48011DBF97BAA76D44B9669FD9508E
                                                                                                                              SHA-512:38CB37124319959EE57957C53AFD120DC5C3026CA0DE3EC8FE76D0D0C1BBFD0718D5A3B06BCD72445A31AB64AB8A94D82367B60BF9A16138934E2D0C8F4E9926
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".........."......,..........@..........................................`..........................................(..D....(.......`.......P..h....6..h....p..8...0#..T............................#............... ...............................text............................... ..`.rdata..&.... ......................@..@.data........@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..8....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\kinit.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.026040577032081
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:lfQWZJbCZs3bJbObF1vI5Arj+sSC8JN77hhKc:JIZUiF9I5Oj+sSt3hsc
                                                                                                                              MD5:AC759524287B4F6ABB5D19E9FC0278C0
                                                                                                                              SHA1:BA0B522333E23EF6B809062526AAB0D828B88B9E
                                                                                                                              SHA-256:F5BC7613E65FF754BAF41C87ECD97F412D775943D8002BD768BF3DBF1C65ECB3
                                                                                                                              SHA-512:2BB4AF7ADF864CA053B48128B52B72408F684553A407DD1B9667B77149BFD413D3A58B380AFD2E6BE032D9D475ADC2A1F6960591AB2718B52C3AFD3A3FA18BF3
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".........."......,..........@..........................................`..........................................(..D....).......`.......P..h....6..h....p..8...@#..T............................#............... ...............................text............................... ..`.rdata..F.... ......................@..@.data........@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..8....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\klist.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.024318889705953
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:pfQWZJbCZs3b5hybF9W5Akj+a3g8JN77hhbv:tIZGWF9W5Nj+a3D3hpv
                                                                                                                              MD5:56F4284BDF917C9D0A1EDFF0ABC95E89
                                                                                                                              SHA1:51704A567BE150EFDF8EA04681138BD74FE7FA69
                                                                                                                              SHA-256:46E292D72F925F5A7A042DB44C1652AFFEE1598E6B5CEBEC4DC1E0D69ABD8055
                                                                                                                              SHA-512:EECA7CB35F038E1F5B75CCBF25FBD64A568B90FC693E6963FF63FA1DA84245B2B7A7CE763B830F79FB52532B9FCCA9FD261D95E7E033BB0A1A4A1A98B4A28821
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".........."......,..........@..........................................`..........................................(..D....).......`.......P..h....6..h....p..8...@#..T............................#............... ...............................text............................... ..`.rdata..F.... ......................@..@.data........@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..8....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\ktab.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.0258997424841265
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:zfQWZprCZs3o+prvWbFlhk5Akj+um88JN77hhsm:/YZECFLk5Xj+uo3h+m
                                                                                                                              MD5:3CCC90D5C39DF99381222D3543B25135
                                                                                                                              SHA1:905A71E31C99714BB4BA12DBD387DBAAA6E4C881
                                                                                                                              SHA-256:9CC29B289221F6DE8508ECFB92515BE5E20418F0AC26009EC0AEAF8C25DA5613
                                                                                                                              SHA-512:8359364758DC36EAD631E6B3327A0ADEFB41D87797BB59D52907524D1F9531852817F2D41594E9CE36545EA7B182D52180E22AF8A9669938EB6727EE10FCFB0E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".........."......,..........@..........................................`..........................................(..@....(.......`.......P..h....6..h....p..8...@#..T............................#............... ...............................text............................... ..`.rdata....... ......................@..@.data........@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..8....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\lcms.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):248168
                                                                                                                              Entropy (8bit):6.367802180015343
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:pYN40FkygRojdcALg9uP1+74/LgHmPr9qvZqhLanLTLzLfqeqwLuJ0cIjnMia10Y:ptoeALg9uP1+74/LgHmPr9qvZqhLanLG
                                                                                                                              MD5:76B02B333B567FD200E14B37FFA36D2F
                                                                                                                              SHA1:BCC2D5E2F400C87F1F667EE52CCA7F3C9EC865CB
                                                                                                                              SHA-256:F4B365F160620CE12CD1ADB08862BBA9732178530FFB311F6D2F490C5484C82D
                                                                                                                              SHA-512:309C0794DE650C5F65A6AF90770FE4A756DE2B1ABCCC1AC12409846B6D29099A8730D8F22C68E65FDBEBC08195CB55D1F863A58C237265F93E7CFBD506F2C7D1
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................/............./....../....../..................................s............Rich............................PE..d....^.\.........." ................X.....................................................`.........................................."..D....$...................+......h.......p.......T...............................................8............................text............................... ..`.rdata..F}.......~..................@..@.data... f...0...X... ..............@....pdata...+.......,...x..............@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\management.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25960
                                                                                                                              Entropy (8bit):6.094025608592697
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:/REIPMuGG0BHpEmUEXZQ2k3J2Vy/0DHUSOCRuj+POu18JN77hhj2G:/REIPMugBJry9ZSCSlRuj+POh3hNv
                                                                                                                              MD5:6B8B2D69C78F1043B9E1F7BEE7738F54
                                                                                                                              SHA1:4629FE452D64B5345E21099F75005CE54C676AC6
                                                                                                                              SHA-256:70049A53A2FECACC6CD739E391F16F7A6D76A4029260B2ABD1057839343E5E1B
                                                                                                                              SHA-512:0FF5851131BECB7DEF0816A71C5B71C080EB221E20D52388433D9704D17856BE25089EF3C9809C9FEC167D21BCBABEC569AE854A929C63C2F4F475F9C83C8A88
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8 .AYN.AYN.AYN.H!..EYN..=O.CYN.2;O.CYN..=M.BYN..=K.KYN..=J.KYN..=O.DYN.AYO.fYN..=J.HYN..=N.@YN..=..@YN..=L.@YN.RichAYN.................PE..d....].\.........." .........2.......................................................=....`..........................................9.......I.......p.......`..d....J..h........... 3..T............................3...............0..0............................text............................... ..`.rdata.......0... ..................@..@.data...H....P.......>..............@....pdata..d....`.......@..............@..@.rsrc........p.......D..............@..@.reloc...............H..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\management_agent.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21352
                                                                                                                              Entropy (8bit):6.003761550919192
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:opOqV5qqwKK1xtsRbW0U+cZyBHyAMPJj+M9Z8JN77hhO0:nMqq7K1sRGZ9lJj+M9m3hk0
                                                                                                                              MD5:0FABBA3F53767F06CFB8CF8E65B55E89
                                                                                                                              SHA1:EFA97266358D13A15B8CBA4E007670A08869F912
                                                                                                                              SHA-256:D3E29630455E3FF04B59D3342A23DC87C629543779F20D1DA0D6F1C21B2134A6
                                                                                                                              SHA-512:84A11CF19E9518615675EDFE0F3469D99CFB89CE7D590984CC9A0BF17015CF47DA14A9A7FA06019C42A0661AA678A4D5B16269C921AE29D4C3046C2E61AE41BA
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%V\Qa72.a72.a72.hO..g72..S3.c72.....`72..S1.b72..S7.k72..S6.k72..U3.e72..S3.b72.a73.S72..S6.`72..S2.`72..S..`72..S0.`72.Richa72.................PE..d...-^.\.........." .........$.......................................................^....`.........................................`9......t:.......p.......`..(....8..h...........03..T............................3...............0...............................text............................... ..`.rdata.......0......................@..@.data...8....P.......,..............@....pdata..(....`......................@..@.rsrc........p.......2..............@..@.reloc...............6..............@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\management_ext.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32616
                                                                                                                              Entropy (8bit):6.242524655240827
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:sJwkLjJOqTKv6X+iEVAzyMwBb6/Nj+to13h2F:qfLcG34az3w9Cse3h2F
                                                                                                                              MD5:73449B4CEF40B7E1FC135EC2041A84CD
                                                                                                                              SHA1:9D81C9A14BF88EA171986766AB928067B6852C0F
                                                                                                                              SHA-256:99D94AE74E5F61AE38B6BA923F8349CAD4096FE9006A49B9938CB92C7EB12CC4
                                                                                                                              SHA-512:2CDB423939C7874B4521AE015F688FE2358C9011EAF2C94C978E085D951C97FC99855A5EF9F5E70EE13994ABF0B72F8FD7BAAC1056DF7F05E38B1DC86F7E2159
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................... ..........B.t...........................7..........7.....7.....7.L....7.....Rich...........................PE..d...0^.\.........." .....2...4.......4....................................................`......................................... a..,...Li..................`....d..h.......H....Y..T...........................0Z...............P...............................text...v0.......2.................. ..`.rdata...!...P..."...6..............@..@.data................X..............@....pdata..`............Z..............@..@.rsrc................^..............@..@.reloc..H............b..............@..B........................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\mlib_image.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):508264
                                                                                                                              Entropy (8bit):6.548281824096512
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:+Ra5eVgnhdjUSECdOKx95cP2Lc2CGfoV90O9CvsiTD0Hq+TePkE:oa5SgnhdwS9D95cP2fRAz0OgkxgZ
                                                                                                                              MD5:C954DA2696B84B14BB92FC2E8ACAD650
                                                                                                                              SHA1:AEC95A8E8CD78DB0A803819C1D0291C1DDA6D399
                                                                                                                              SHA-256:92D7476B13AF903EF64A915402BEBF7ED3EA58CB02C404E7A7A2E0FCA6AA75FC
                                                                                                                              SHA-512:FCE65F4F83BFCC2D48E72C06067649468EF08A023CB7F123C3F25763ABC7168666610587B3D004BC21634C62268F4484D5E3AB167D15478BA894B33A4CDABD7B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D.0..d^..d^..d^.....d^..._..d^.s._..d^..d_.'d^...]..d^...[..d^...Z..d^...Z.2d^...^..d^......d^...\..d^.Rich.d^.........PE..d....^.\.........." ................t...............................................3p....`............................................$.......d.......................h............e..T...........................0f...............................................text............................... ..`.rdata..,...........................@..@.data...@...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\msvcp140.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):687240
                                                                                                                              Entropy (8bit):6.379243090804544
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12288:UXN5nAgElfmdHfDrb3XvEFPZ8U5qE2IQEKZm+jWodEEVWM8:qg0HvEF/5KIQEKZm+jWodEEIM8
                                                                                                                              MD5:2FE42EB09647F5AC31DD7E125105EF73
                                                                                                                              SHA1:FD886FBE78EAAFEB474167D32656605D78B3AF2A
                                                                                                                              SHA-256:7F8AD9E98C15E78618188CF44DDE2F39BAFF577E02A91EAA66D23C7662D12FD1
                                                                                                                              SHA-512:87AEF5BC3D0DD481307B95C80CA10F3E0BD7D36859971652EBD9E02DA71104488FA378A936627FC0A7CC486F4B0AACD07028897311D087260B1BE44FD034F263
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FY.#.8.p.8.p.8.p..Tp.8.p.@(p.8.p.\.q.8.p.8.p.8.p.\.q.8.p.\.q.8.p.\.q.8.p.\.qu8.p.\.q.8.p.\Dp.8.p.\.q.8.pRich.8.p........................PE..d....}.Y.........." ................0k..............................................{.....`A............................................h.......,............ ..0B...>...>..............8...........................P...........................@....................text............................... ..`.rdata..............................@..@.data...D9..........................@....pdata..0B... ...D..................@..@.didat..h....p.......,..............@....rsrc...............................@..@.reloc...............2..............@..B................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\net.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):92008
                                                                                                                              Entropy (8bit):6.295853148871334
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:to3A3sdGjKMRKKKFnuG4dI84xubE+Yx5aWSPfjXry6+xHyq3hhU:tR3sdG2MRpK4dI84xrna9fb26Oy4U
                                                                                                                              MD5:23EECAE57F367F7206E9367215F238BD
                                                                                                                              SHA1:B605A0E2E323A2ED256603A76957B4C3FFF5E521
                                                                                                                              SHA-256:8DECE7F5C6D7FBE1FCCB29F228F4C67552D176F673A6626361466EAEFAA0329B
                                                                                                                              SHA-512:B7BDC2A272431C01255BCC1F4ECCC56399E84F2ABAA4F39FF11A0A7730BF506FB36568B9C60D7BD607E56E32D459874A0CBB285CD29B4B1C4D716D3ADC570A29
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........F...F...F...O.P.N.......D.......E.......L.......J.......B...5...G...5...M...F..........P.......G.....<.G.......G...RichF...........................PE..d....].\.........." .........z......H...............................................R.....`..........................................&..@....@.......p..x....`.......L..h...............T....................................................#..`....................text............................... ..`.rdata..<].......^..................@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc...x....p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\nio.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):63848
                                                                                                                              Entropy (8bit):6.237324758869314
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:5UUIH7N19T6Mh86zI3sszJYvFb2ChEKyJv4LL/SyvcG3yh8s9vtj+9jk3hqQ:5U586Ee2ChhqEGyvj3yhN9vMS3hqQ
                                                                                                                              MD5:24D594975FE4C45973C7EDCD890E13C6
                                                                                                                              SHA1:C3C0325621B23C618BCC0F31FB7A6407308E30FA
                                                                                                                              SHA-256:6FCB8DBFDD8868E415A61CB8CA90EA88365EE833C3EF3CFDBC6754DFCC0D8D40
                                                                                                                              SHA-512:A742E4CE3AEF869AD5C78C9D44625EA0A967F94A4B2A7C9BE647883F34F45D83A3D497CCE7D0FDA2D32CD16DA1739E79452440DA805E6859006E3FB90B82BA70
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...G...G...G...?...G..:#...G..:#...G..:#...G..:#...G...#...G...%...G...G..MG...#...G...#...G...#~..G...#...G..Rich.G..................PE..d....].\.........." .....r...n......Hu.......................................0....../.....`.........................................`....(..............x.......<.......h.... ......0...T...............................................P............................text...6q.......r.................. ..`.rdata.."T.......V...v..............@..@.data...............................@....pdata..<...........................@..@.rsrc...x...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\prefs.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21864
                                                                                                                              Entropy (8bit):6.154844452255127
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:PCN5oEeAk61hf8PC5NnYCY3lHHU5ADMNj+W98JN77hhGH:a/oEeP6seBY3q5AYNj+Wa3hQH
                                                                                                                              MD5:7351AB13CDDD487E4E890A73C5C4E1DA
                                                                                                                              SHA1:108731898D9B6CD1BF25393533130DA47C7D41DF
                                                                                                                              SHA-256:5BFA49CED582B857688577376481D7E08D2817897DA172BE39A9C61D313D6B56
                                                                                                                              SHA-512:74823A129197F2B02EE92B366DD4153C146E04F3979EF7CC53A891DE8BE8855F02F3CA80911FCFD8D9DE1865FED7C8FDEA1DA4B8D35406B7641022A20BE03629
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........fcb...1...1...1...1...1'c.0...1'c.0...1'c.0...1'c.0...1.c.0...1.e.0...1...1...1.c.0...1.c.0...1.c.1...1.c.0...1Rich...1................PE..d....].\.........." .........$......................................................TM....`.........................................`8..<....;.......p.......`..L....:..h............2..T...........................p2...............0..p............................text............................... ..`.rdata..H....0......................@..@.data...8....P......................@....pdata..L....`.......0..............@..@.rsrc........p.......4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\rmi.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17256
                                                                                                                              Entropy (8bit):6.125120404563849
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:az0Ci9QFGS3/ucuxtVv4VcKVusYnX3lT+tMbL1tJx+wM4+yfH0JOqsmVgz28WhBV:/i/RAio3Bvj+p4f8JN77hhoY
                                                                                                                              MD5:4646E27358C999ADC3C60F278C858238
                                                                                                                              SHA1:DFCC339A0BADFD46D43F8FF0D6908BC0AE09637A
                                                                                                                              SHA-256:F8487688FF3D87214CCE739A7E3C01E3DBFE14042837E1DC2F3C105EC22A12D6
                                                                                                                              SHA-512:9BD00008B778B63F2B6C0E7C559516C9A0B34D9C283684BBA0544B7A14BEA5FF164EB596D1CCC114AA173E8927D4182E968BCF4A22FE27DBA8683A3E44C8E12D
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V...V...V..._.U.T.......T...%...T.......T.......\.......^.......U...V...I.......W.......W.....9.W.......W...RichV...........PE..d....].\.........." ................P........................................p.......-....`..........................................'..l...l'..d....P..x....@.......(..h....`......`!..T............................!............... ...............................text............................... ..`.rdata..F.... ......................@..@.data........0......................@....pdata.......@....... ..............@..@.rsrc...x....P......."..............@..@.reloc.......`.......&..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\rmid.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.015285054209599
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:vfQWZJ7CZs365I+bFhm5A6j+ApKv8JN77hh0lP:7IZgyFhm5lj+Ap13hClP
                                                                                                                              MD5:FF1AC7E7602380F8AC11CEAFD05B8655
                                                                                                                              SHA1:927A690631B01A49C59A69CC452E4FA9FFA8D122
                                                                                                                              SHA-256:D4BA41E6B216A4C6C43E210F337EF8F86F9E126AA753226674E55CBD90379E14
                                                                                                                              SHA-512:C984DC70B3C116CF8CD1556C3DFB74F1C6B45C5EB86A33728C57C18E1AF4CDACFD140F50BEE53A07726D759C130BA5BD914499F4F90DA6E814B338A0D313818F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".........."......,..........@.........................................`..........................................(..@....(.......`.......P..h....6..h....p..8... #..T............................#............... ...............................text............................... ..`.rdata....... ......................@..@.data........@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..8....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\rmiregistry.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20840
                                                                                                                              Entropy (8bit):6.01570608772707
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:aQfQWZprCZs3y5JzVdbF2y5ABj+SCbOH8JN77hhD2ga:P4ZPHVhF2y5Mj+SCbOM3ht2ga
                                                                                                                              MD5:BB70AC83604BE082E590C2014B24B545
                                                                                                                              SHA1:CF2EC41AD1FFAC4E2C4594A20BBA85F2A8F39AEA
                                                                                                                              SHA-256:F5D31D3020BFDD52C4AE429D3B0563D1CF41A76C4B984FC9BF457895EAFCD7F5
                                                                                                                              SHA-512:534C389152E9FA11D82A4DD71C5522E30187FA4FD36836CFF0DAAE9D793097ED03392D9B86E141902AA8BF16503F99225F4797E00BB29D8D000F8D024DB4322B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... lV.d.8.d.8.d.8.mu..h.8..i9.f.8..o9.f.8..i;.f.8..i=.u.8..i<.n.8..i9.g.8.d.9.Q.8..i<.e.8..i8.e.8..i.e.8..i:.e.8.Richd.8.........PE..d....].\..........".........."......,..........@....................................$.....`..........................................(..H....(.......`.......P..h....6..h....p..8...0#..T............................#............... ...............................text............................... ..`.rdata..&.... ......................@..@.data........@.......&..............@....pdata..h....P.......(..............@..@.rsrc........`.......*..............@..@.reloc..8....p.......4..............@..B................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\server\jvm.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11527528
                                                                                                                              Entropy (8bit):6.38493174754526
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:196608:tqdGXarnYPPVdYvH4l3U9a462vz/Ayqt6fr1laO0kU5TmF3qr5MifPlxmHMEg9GX:xPVdYvYZU9aIvz/Ayqt6fr1laO0kU5TU
                                                                                                                              MD5:03B4B90C2AEB2422E76561929AAAA9B9
                                                                                                                              SHA1:489A11C8D4EE1D62834ECE9153873182936E88A8
                                                                                                                              SHA-256:CD71D6BB8FB2599AF962A87C8124083C5B532F346244F1E3DAED863939B6DDD5
                                                                                                                              SHA-512:766D78EE0F420B28C11E36B36F0BEA261397F5C243EF60CC0A1ED5E7D3AEA7FE65A98F5840A9CFCE0DC96673BC78C32434F80D6AD018E0BCB6A4FAE80578416F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w.W.3.9G3.9G3.9G:..G'.9G.8F1.9G.~.G7.9G.:F5.9G.=F8.9G.<F#.9G@.8F<.9G3.8G!.9G.<F^.9G.9F2.9G..G2.9G3.G2.9G.;F2.9GRich3.9G........................PE..d....].\.........." ......{...;.......{......................................@....../w....`............................................<9..,...|.......8.............h............a..T....................c..(....b................|..............................text...L.{.......{................. ..`.rdata...&$...|..($...{.............@..@.data.......0...t..................@....pdata.............................@..@_RDATA..."...p...$..................@..@.rsrc...8............8..............@..@.reloc...............>..............@..B................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\splashscreen.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):215912
                                                                                                                              Entropy (8bit):6.658992407446139
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:VGcesEflIFOxeWYYBII9XJqGUFyQGlPZtTBqWI:VG8cnxdLz6FbG3tTm
                                                                                                                              MD5:4891612A12FEF7E2842F19B03FBDAA92
                                                                                                                              SHA1:A554A20F90A291DFAC40CBC087C82F9108C2A841
                                                                                                                              SHA-256:2E3A4AA5D65A82B0CF8E5834836DAB834CE2A9F5E901BBD7A98DC94C86730AF3
                                                                                                                              SHA-512:040ABCBF7FA31DF5E9B7C9F9A29421D6E79F40088F26435F3EDD5E10197DC315D83BDFFE6362F518615EB69C6342F70189ACCC1F7A804B9837D7C5AF0724F71B
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C.n.".=.".=.".=.Z[=.".=?F.<.".=s..=.".=?F.<.".=?F.<.".=.F.<.".=?F.<.".=.@.<.".=.".=g".=.F.<.".=.F.<.".=.F.<.".=.F7=.".=.F.<.".=Rich.".=........PE..d....^.\.........." .....X..........x\..............................................^s....`..................................................................p.......0..h...........@...T...........................@................p......T...@....................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data....5...0......................@....pdata.......p......................@..@.rsrc................*..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\sunec.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):148840
                                                                                                                              Entropy (8bit):6.151594005485092
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:xaBXu8oE1suaGdWfI9uKTvYHoZheI14KHoKHtZHothEpDfvDeFuwn:xyXu8oEV1dWfI9uK7Jhp14LEZ3Dkn
                                                                                                                              MD5:A2B8852DDFF83BB057A46B3E2528B737
                                                                                                                              SHA1:80AE7386735625A03ED5FA1E551B294F174F3A96
                                                                                                                              SHA-256:89A956846DA311FAA58BCC653FE9495399B9E84EEB0D3E559DC50B22B2BFC7C4
                                                                                                                              SHA-512:2F0BA17BBA31BE4E8779AF2A4D5F513D15EC140DAFCE9D173EFC067275E8079390D78BFE6F315C92592F6487F0454D30167A99E23362C9C79E8AE05F9DB9FDD2
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..ei.t6i.t6i.t6`..6a.t6..u7k.t6..u7j.t6i.u6[.t6.B.6h.t6..w7j.t6..q7{.t6..p7c.t6..q7h.t6..p7r.t6..t7h.t6...6h.t6..v7h.t6Richi.t6........PE..d....^.\.........." .........................................................p......0.....`.............................................p...0........@.......0.......*..h....P..........T........................... ................0...............................text...F........................... ..`.rdata.......0......................@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\ucrtbase.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1001272
                                                                                                                              Entropy (8bit):6.665560060128642
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:4KyD7Jupdvutjp4njVKNhHeV74Vnc8TYRrmxvSZX0ypvf:4KyJupdv6+juHeV8Iff
                                                                                                                              MD5:5B1C91B53AC3C3026D50DE8C05ABA139
                                                                                                                              SHA1:B9C2D160B1CE856D9904A340362236473A3D559C
                                                                                                                              SHA-256:D804EA40EACFC22A5E029B66D6D4F83D81F76A7EAD80313B33839253F90AF6B7
                                                                                                                              SHA-512:8E01056830E65320D684245BF055305E03EF136545EFB51AAD484A5B1B006F7D534C30B7973DA8628F49C31710AE23D3420F941156C941172B97EFE9E1EF9A1F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................-.........3.....C...........................................A.............Rich............PE..d......p.........." .........n......`........................................`......._....`A.........................................U.......*.......@..........L.......8=...P..h...`...T...........................................x...@............................text............................... ..`.rdata..2...........................@..@.data....$...P.......4..............@....pdata..L............D..............@..@.rsrc........@......................@..@.reloc..h....P......................@..B................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\vcruntime140.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):89752
                                                                                                                              Entropy (8bit):6.5021374229557996
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                                                              MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                                                              SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                                                              SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                                                              SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x.D.x.D.x.D..AD.x.D..=D.x.D.x.D.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx.QD.x.Dx..E.x.DRich.x.D........PE..d....}.Y.........." .........T...............................................`.......Y....`A........................................p...4............@.......0..(.... ...>...P..p.......8...........................@................................................text...$........................... ..`.rdata...6.......8..................@..@.data...0.... ......................@....pdata..(....0......................@..@.rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\verify.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):56168
                                                                                                                              Entropy (8bit):6.4205420292106234
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:gwCdZ4wSN5g6QtcHk2u/xKltk0Dw3hg4G:hNLN5hQtKkB/xKrhDr4G
                                                                                                                              MD5:0BA65276503BF2880B179A4EC467BF28
                                                                                                                              SHA1:0CF5BFDEC6703507F5AD64FBA9B3561EC8D566CA
                                                                                                                              SHA-256:11CBA5334753F5270E3944B2753A20ABCD1E03056479B673F223E8C0D7479DAA
                                                                                                                              SHA-512:03905632C72A1D836F7352CB997CABA65416A2FB308E2D2F3D84866A285E288D31B3E8730BBA80A8A150B634CC4B1B75D94ECF2C53D2F560FE22402ACFD511E4
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............j..j..j...W..j.]...j.....j......j.]...j.]....j.]....j.d...j..j..j.d....j.d...j.d.;..j.d...j.Rich.j.................PE..d....].\.........." .....z...H.......}..............................................0.....`.................................................H...........................h...........0...T...............................................x............................text...&x.......z.................. ..`.rdata..|3.......4...~..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\w2k_lsa_auth.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28520
                                                                                                                              Entropy (8bit):6.156014403835867
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:B5aBjpzDDrtLsT6I3g9NoZTU35QUOHkbGGNET7T7T7T79Wa/LdFBj+NVa3hmn:U3DRsT6I3g9NoZTU35QUOHkbGGNET7TI
                                                                                                                              MD5:2F789F4037B8AB99D5A86C9810DF0A3E
                                                                                                                              SHA1:32903D478DF41C67285DC3A6F65A53C3983B5572
                                                                                                                              SHA-256:C80887F25AFA5AE7704FB56E406F309989C817942E141B265FD5F9935F125609
                                                                                                                              SHA-512:F553AE922CC2F8C8634142FD7492441C97356B99D9B25A2E6F3ADB907C1937F0346632A15D092F8A28D59DB3D7E91ADD2A008B1639236B83418EAC409333710E
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6!..WO.WO.WO./..WO.C3N.WO.C3L.WO.C3J.WO.C3K.WO..5N.WO.WN.WO.z3K.WO.z3O.WO.z3..WO.z3M.WO.Rich.WO.........PE..d....].\.........." .....&...2......X)..............................................".....`..........................................T.......U...............p.......T..h............M..T............................N...............@...............................text...6%.......&.................. ..`.rdata.......@.......*..............@..@.data........`.......H..............@....pdata.......p.......J..............@..@.rsrc................N..............@..@.reloc...............R..............@..B........................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\windowsaccessbridge-64.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):65896
                                                                                                                              Entropy (8bit):6.27039888306316
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:k4GaD7x18FRRpG30QzBPAzP87VaXi8X3hzJia:k4byU0MKzwVui81l
                                                                                                                              MD5:7990C5B028E91C01C9953A2A3015D265
                                                                                                                              SHA1:1A2640F30B0668B3DE6E38E0FD67DC32C9387F14
                                                                                                                              SHA-256:A5FF462DFC90C0A454586E70A1B281F5F45723AE3EA515DA796970F473E22237
                                                                                                                              SHA-512:9213BBCF0DBD3E7062AF7C945417C4481DFB64BA5DDA6958B0017E199F5B041A7C32237BDAD5CAC822ECA45E5CFBEB7B6506C50ED181AD7285992DFD8D88C0E7
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......tf..0..C0..C0..C9.]C8..C.c.B2..C.c.B4..C.c.B>..C.c.B:..CCe.B5..C0..Cu..C.c.B7..C.c.B1..C.c1C1..C.c.B1..CRich0..C........PE..d....^.\.........." .....v...r.......x.......................................0......mm....`.............................................D...$...........p...............h.... ..H.......T............................................................................text....u.......v.................. ..`.rdata...S.......T...z..............@..@.data... ...........................@....pdata..............................@..@.rsrc...p...........................@..@.reloc..H.... ......................@..B........................................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\bin\zip.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):81768
                                                                                                                              Entropy (8bit):6.642868102664595
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:oEqxhNAZT8Bk0F0+EDgwjyjyH5IOQIOgFnToIfHs/CgyBA3hUP:oEqxhNAZTGZ0+SPqOTGgtTBfHs/CgyBX
                                                                                                                              MD5:41A50676A8C36F4524F2A2F2FC3B8125
                                                                                                                              SHA1:387A3ACCC234D7C5A9D952694282BD48EAFD5D2C
                                                                                                                              SHA-256:3BFCE6C1C268CCB133FE768402BBA398513E9203C25B86FE6781A759FA039794
                                                                                                                              SHA-512:0DB3F1D475573B04964758C130E6F361A5428D170130CDA9484F1E5E27356B68D45551CCB1159A0F07C9A9A0772828BD3ABE44F4D88339F54F245FB04929A878
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Gql.Gql.Gql.N...Mql...m.Eql.4.m.Eql....Bql...o.Cql...i.Mql...h.Mql...m.Bql.Gqm..ql...h.Sql...l.Fql.....Fql...n.Fql.RichGql.................PE..d....].\.........." .........x......h........................................p......A0....`......................................... ...(...H........P..x....@..H....$..h....`..`.......T............................................................................text.............................. ..`.rdata..$`.......b..................@..@.data...x....0......................@....pdata..H....@......................@..@.rsrc...x....P......................@..@.reloc..`....`......."..............@..B................................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\logging.properties

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2733
                                                                                                                              Entropy (8bit):4.532817026961443
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:EmdS5PQQL8pRNYHjVsnkYXxInhkOGh1xdvjMgxI:G9NL3HjV5G1XrM8I
                                                                                                                              MD5:6B9BEDB07C74CA75DA4DE770DC51E69C
                                                                                                                              SHA1:3C0629532C002FC644627BF2DC35BEA5D915A2A3
                                                                                                                              SHA-256:0601D43ABA712C156936B7B126A22D5E8459981E5BCF6F984E8B2EE718AB5F42
                                                                                                                              SHA-512:ABB25CAA7A2946B644FAF10DD1AA4FC1B3FFC217EFC2D634B36924405F7A4C1BA4AC826B9338917F2F8ACC1BBA8924A3915382356DAFC262C80739D3C7B74487
                                                                                                                              Malicious:false
                                                                                                                              Preview:############################################################.# .Default Logging Configuration File.#.# You can use a different file by specifying a filename.# with the java.util.logging.config.file system property. .# For example java -Djava.util.logging.config.file=myfile.############################################################..############################################################.# .Global properties.############################################################..# "handlers" specifies a comma separated list of log Handler .# classes. These handlers will be installed during VM startup..# Note that these classes must be on the system classpath..# By default we only configure a ConsoleHandler, which will only.# show messages at the INFO and above levels..handlers= java.util.logging.ConsoleHandler..# To also add the FileHandler, use the following line instead..#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler..# Default global logging level..# This

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\management\jmxremote.access

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3997
                                                                                                                              Entropy (8bit):4.420287335425547
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:OWi7j7teK8MCN/xK4ijnv+wtosJj/D9mQyZWZuQg4X+dv:OWiv7L8rNXE+wusxr9m5WZuVbv
                                                                                                                              MD5:5880F5255CF159B204761CF24BE76061
                                                                                                                              SHA1:DB484EB763831DB19C089C9820A54CC875E4F624
                                                                                                                              SHA-256:0C25D26EE212CA1E8C33F67C3C460D43FE849C3A1D23DBE341148517602B280C
                                                                                                                              SHA-512:64D33ADD796D2D3DF7AD37AA452EE1D106174BE1ADE3063D73BA416211629A9A9B05177969404FDC92FCEE8458450C9DE4A6195744B93131303208CB6F1416AD
                                                                                                                              Malicious:false
                                                                                                                              Preview:######################################################################.# Default Access Control File for Remote JMX(TM) Monitoring.######################################################################.#.# Access control file for Remote JMX API access to monitoring..# This file defines the allowed access for different roles. The.# password file (jmxremote.password by default) defines the roles and their.# passwords. To be functional, a role must have an entry in.# both the password and the access files..#.# The default location of this file is $JRE/conf/management/jmxremote.access.# You can specify an alternate location by specifying a property in.# the management config file $JRE/conf/management/management.properties.# (See that file for details).#.# The file format for password and access files is syntactically the same.# as the Properties file format. The syntax is described in the Javadoc.# for java.util.Properties.load..# A typical access file has multiple lines, where each

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\management\jmxremote.password.template

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):5690
                                                                                                                              Entropy (8bit):4.7693843485946195
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:MdJb7RT9iQj/y3LNNWoT2Wjb3LpjtzIVSnQDeJuV9uiS2T4Z:059ipz1nlZzIVSnQDeJqpSSO
                                                                                                                              MD5:AD773CFD53EFE03E662F1CF23561F725
                                                                                                                              SHA1:3BAD5B040B6D7117DF4C40609EA0F8074339EE47
                                                                                                                              SHA-256:0273B6A6B9E20E6CE54C5AEE70164028E0395063B2B7D39060A40B6495543DBF
                                                                                                                              SHA-512:E6794168BA80A8FF733D8C1771930AE8C8FC33030E5E9CA02700F326C88A2F68FF09BC734BFD1E492EF15705B288C7918CE1F3F7174742DEE6A62DFE086ABD65
                                                                                                                              Malicious:false
                                                                                                                              Preview:# ----------------------------------------------------------------------.# Template for jmxremote.password.#.# o Copy this template to jmxremote.password.# o Set the user/password entries in jmxremote.password.# o Change the permission of jmxremote.password to be accessible.# only by the owner..# o The jmxremote.passwords file will be re-written by the server.# to replace all plain text passwords with hashed passwords when.# the file is read by the server..#..##############################################################.# Password File for Remote JMX Monitoring.##############################################################.#.# Password file for Remote JMX API access to monitoring. This.# file defines the different roles and their passwords. The access.# control file (jmxremote.access by default) defines the allowed.# access for each role. To be functional, a role must have an entry.# in both the password and the access files..#.# Default location of this file

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\management\management.properties

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):14292
                                                                                                                              Entropy (8bit):4.555097635285101
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:uRK1ZVZHV+Dq3xtPbDxPqZwNrLTisyuVcKXiiPpkI:iaZTHV+Dq3xtP3xPqaNr/is1Bv
                                                                                                                              MD5:A5FC398C37A16613B1E37ADD65987531
                                                                                                                              SHA1:D96AC76D5055562F7387C6467AD797A7F574D9BB
                                                                                                                              SHA-256:50BCB62E166B21BE87A5AB2C5180ED73C84C1C55D56BB09362573715D61D8662
                                                                                                                              SHA-512:ACDC5934AAA5C1E351C2C5E941C84C890211F55A2B02D35AED30BC1316E0B8241473B0F9E4CDB57689A12A5A0717B4FC89B0F3750AA4427A044FB59D0D7C4D91
                                                                                                                              Malicious:false
                                                                                                                              Preview:#####################################################################.#.Default Configuration File for Java Platform Management.#####################################################################.#.# The Management Configuration file (in java.util.Properties format).# will be read if one of the following system properties is set:.# -Dcom.sun.management.jmxremote.port=<port-number>.# or -Dcom.sun.management.config.file=<this-file>.#.# The default Management Configuration file is:.#.# $JRE/conf/management/management.properties.#.# Another location for the Management Configuration File can be specified.# by the following property on the Java command line:.#.# -Dcom.sun.management.config.file=<this-file>.#.# If -Dcom.sun.management.config.file=<this-file> is set, the port.# number for the management agent can be specified in the config file.# using the following lines:.#.# ################ Management Agent Port #########################.#.# For setting the JMX RMI agent port

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\net.properties

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):6171
                                                                                                                              Entropy (8bit):4.7796841440611155
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:6ATE+VEtGObfObz3Ob6Onte3CO0V+r/aJ7SFXtqBZUT+gTzDuBnZky:/LVGG4f4z346et5m27SnCgTe9f
                                                                                                                              MD5:68BD230C3BE2537BD727ECA5F7F455CD
                                                                                                                              SHA1:44303B0AB87AB322ED43ACB48A8D91DF19961F63
                                                                                                                              SHA-256:85616A3AC7D8207F8CFF36083297A596FC580E5B8A9AA713ACBEC73513C15625
                                                                                                                              SHA-512:99E3A86FFEAA4187BBF7707E58D50AA23581375F86DC4DE0FCA8DFC76AC3831CAD131B4DD4B0383252DB89796A08F8BEF3AF337FE145F60FE1FEFD5C046BDDD2
                                                                                                                              Malicious:false
                                                                                                                              Preview:############################################################.# Default Networking Configuration File.#.# This file may contain default values for the networking system properties..# These values are only used when the system properties are not specified.# on the command line or set programmatically..# For now, only the various proxy settings can be configured here..############################################################..# Whether or not the DefaultProxySelector will default to System Proxy.# settings when they do exist..# Set it to 'true' to enable this feature and check for platform.# specific proxy settings.# Note that the system properties that do explicitly set proxies.# (like http.proxyHost) do take precedence over the system settings.# even if java.net.useSystemProxies is set to true...java.net.useSystemProxies=false..#------------------------------------------------------------------------.# Proxy configuration for the various protocol handlers..# DO NOT uncomment th

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\java.policy

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2180
                                                                                                                              Entropy (8bit):4.44345130079058
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:VP2hdA1rjIw9c3BBgqyYnhpwcdpULSELuodwZdw1yEQwSR:IA1rkw9cBgc1dKly
                                                                                                                              MD5:FBF2B55342947695AA2A15E3485ED29F
                                                                                                                              SHA1:A04C23F61D2958FC1E9882509927B43CAB0E799C
                                                                                                                              SHA-256:F2A00A1DEC3B7A097F0815F338A84717BA1017D5D7AAE96D842D2188D67C3250
                                                                                                                              SHA-512:35FFE47EB7D404785E5BEF3F1F26629F5DC04C54F9DCB082A250DA367414095B024E6486AD0332CEBE0348A2F972E9D58979C8C86AB9753F72FF0727BDA07C1C
                                                                                                                              Malicious:false
                                                                                                                              Preview://.// This system policy file grants a set of default permissions to all domains.// and can be configured to grant additional permissions to modules and other.// code sources. The code source URL scheme for modules linked into a.// run-time image is "jrt"..//.// For example, to grant permission to read the "foo" property to the module.// "com.greetings", the grant entry is:.//.// grant codeBase "jrt:/com.greetings" {.// permission java.util.PropertyPermission "foo", "read";.// };.//..// default permissions granted to all domains.grant {. // allows anyone to listen on dynamic ports. permission java.net.SocketPermission "localhost:0", "listen";.. // "standard" properies that can be read by anyone. permission java.util.PropertyPermission "java.version", "read";. permission java.util.PropertyPermission "java.vendor", "read";. permission java.util.PropertyPermission "java.vendor.url", "read";. permission java.util.PropertyPermission "java.class.version", "read";.

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\java.security

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):49874
                                                                                                                              Entropy (8bit):4.94779576016461
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:rfBVV5kMPuv7vcUjATp+a+Ij4sjyvbsIJnOI8e6Ho8oBf:rbkMWvTcUjATpxLjCjsUOReNf9
                                                                                                                              MD5:87AF7C8F9AB7A8C85611870C32EC96DF
                                                                                                                              SHA1:B64A60CD88900C323A81A94205282912AF4B72E0
                                                                                                                              SHA-256:DF9387923784D0E6A0F1FFECE3C492664C5661267E7BC548D6E589205855A99F
                                                                                                                              SHA-512:049519117675FA867D4E7327A5231F951F39519FFE8CDE2A0271C3E13CE7F6D7BAEBAD6C3E213D03CFE38D5978EA823559910DEC1D452D2BA0C4349178A4B176
                                                                                                                              Malicious:false
                                                                                                                              Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\policy\README.txt

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2390
                                                                                                                              Entropy (8bit):4.7611843972228405
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:E8GAAhgyWyrLrDltqTiPpFbZcX9Ux7VNCVp7hbiqIPb1KAI3ry:wDFbDEiP72X9UxINhbJIPpGy
                                                                                                                              MD5:3D47D94BC4F19D18BCC8B23F51D013AF
                                                                                                                              SHA1:A97CD312D6A2A9C8C780C15E5AF51A2F4F97C2CB
                                                                                                                              SHA-256:6DA0747334B0FEA7592FD92614B2BBC8B126535E129B1FEE483774D914E98EB5
                                                                                                                              SHA-512:68A031264CF9442526307364CA74B336AF55564C233C2F514CAC48E910022767562F8FF6A64BB9CFCBF0FB5E755289273382C9246418A4B9207FC7761D03C64E
                                                                                                                              Malicious:false
                                                                                                                              Preview:. Java(TM) Cryptography Extension Policy Files. for the Java(TM) Platform, Standard Edition Runtime Environment.. README.------------------------------------------------------------------------..Import and export control rules on cryptographic software vary from.country to country. The Java Cryptography Extension (JCE) architecture.allows flexible cryptographic key strength to be configured via the.jurisdiction policy files which are referenced by the "crypto.policy".security property in the <java-home>/conf/security/java.security file...By default, Java provides two different sets of cryptographic policy.files:.. unlimited: These policy files contain no restrictions on cryptographic. strengths or algorithms.. limited: These policy files contain more restricted cryptographic. strengths..These files reside in <java-home>/conf/security/policy in the "unlimited".or "limited" subdirectories respectively...

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\policy\limited\default_US_export.policy

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):146
                                                                                                                              Entropy (8bit):4.527560331114326
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:RFWDci4MRvKJHJu3dfeHFGoF+FXGGNNLc0WLVyIGNp5MOsVn9:jq4MR6H82Hf83o0DITOs59
                                                                                                                              MD5:1A08FFDF0BC871296C8D698FB22F542A
                                                                                                                              SHA1:F3F974D3F6245C50804DCC47173AA29D4D7F0E2C
                                                                                                                              SHA-256:758B930A526FC670AB7537F8C26321527050A31F5F42149A2DDA623C56A0A1A9
                                                                                                                              SHA-512:4CFCA5B10CD7ADDCFF887C8F3621D2FBEC1B5632436326377B0CE5AF1AE3E8B68AC5A743CA6082FC79991B8EEC703A6E1DFD5B896153407AD72327753222FDB3
                                                                                                                              Malicious:false
                                                                                                                              Preview:// Default US Export policy file...grant {. // There is no restriction to any algorithms.. permission javax.crypto.CryptoAllPermission; .};.

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\policy\limited\default_local.policy

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):647
                                                                                                                              Entropy (8bit):4.651231515753206
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:jtGrnXjZnhQBI9hcv2/9BW3iVKXYU/9pY/9xl:krj1A8imGiVk6xl
                                                                                                                              MD5:6D7B4616A5DBA477B6B6D3F9A12E568F
                                                                                                                              SHA1:7FB67E217C53A685CB9314001592B5BD50B5FBB9
                                                                                                                              SHA-256:2B2627548E61316150D47FFC3E6CAD465CA05B3CCCD4785EB7D21AA7BAA0F441
                                                                                                                              SHA-512:A0B98CBBB49184DF973BB2C4A506E9BC6E025A696BC0C8054A6352CC3F9B4A38E3BAF117C6834DDADDC38498556607ED4EDA8F1BC683F662D61DA50E0DB0C8C2
                                                                                                                              Malicious:false
                                                                                                                              Preview:// Some countries have import limits on crypto strength. This policy file.// is worldwide importable...grant {. permission javax.crypto.CryptoPermission "DES", 64;. permission javax.crypto.CryptoPermission "DESede", *;. permission javax.crypto.CryptoPermission "RC2", 128, . "javax.crypto.spec.RC2ParameterSpec", 128;. permission javax.crypto.CryptoPermission "RC4", 128;. permission javax.crypto.CryptoPermission "RC5", 128, . "javax.crypto.spec.RC5ParameterSpec", *, 12, *;. permission javax.crypto.CryptoPermission "RSA", *;. permission javax.crypto.CryptoPermission *, 128;.};.

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\policy\limited\exempt_local.policy

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):566
                                                                                                                              Entropy (8bit):4.521178196551511
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:jtGrnXjbIbnPp7U5fKBuDeHHxYzKBuKKX8HHxYAKdKBuKfFxZwn:krjmnPp7UBKY6HHxoKYRX8HHxYvdKYKq
                                                                                                                              MD5:4CBB03F484C86CBEA1A217BAAE07D3C9
                                                                                                                              SHA1:EE67275BC119C98191A09FF72F043872B05AB7FD
                                                                                                                              SHA-256:8C3D7648ABCD95A272CE12DB870082937F4D7F6878D730D83CB7FBB31EB8B2C9
                                                                                                                              SHA-512:2BD70518AED6B0E01C520C446830C5F567FA72974548818CAC3E1E5C2BE6F03DB78CE6012F5463B1E19C36243D04CBAAD38EC79524635EAAE2E427EB1875CCDB
                                                                                                                              Malicious:false
                                                                                                                              Preview:// Some countries have import limits on crypto strength, but may allow for.// these exemptions if the exemption mechanism is used...grant {. // There is no restriction to any algorithms if KeyRecovery is enforced.. permission javax.crypto.CryptoPermission *, "KeyRecovery"; .. // There is no restriction to any algorithms if KeyEscrow is enforced.. permission javax.crypto.CryptoPermission *, "KeyEscrow"; .. // There is no restriction to any algorithms if KeyWeakening is enforced. . permission javax.crypto.CryptoPermission *, "KeyWeakening";.};.

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimited\default_US_export.policy

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):146
                                                                                                                              Entropy (8bit):4.527560331114326
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:RFWDci4MRvKJHJu3dfeHFGoF+FXGGNNLc0WLVyIGNp5MOsVn9:jq4MR6H82Hf83o0DITOs59
                                                                                                                              MD5:1A08FFDF0BC871296C8D698FB22F542A
                                                                                                                              SHA1:F3F974D3F6245C50804DCC47173AA29D4D7F0E2C
                                                                                                                              SHA-256:758B930A526FC670AB7537F8C26321527050A31F5F42149A2DDA623C56A0A1A9
                                                                                                                              SHA-512:4CFCA5B10CD7ADDCFF887C8F3621D2FBEC1B5632436326377B0CE5AF1AE3E8B68AC5A743CA6082FC79991B8EEC703A6E1DFD5B896153407AD72327753222FDB3
                                                                                                                              Malicious:false
                                                                                                                              Preview:// Default US Export policy file...grant {. // There is no restriction to any algorithms.. permission javax.crypto.CryptoAllPermission; .};.

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\security\policy\unlimited\default_local.policy

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):193
                                                                                                                              Entropy (8bit):4.403143222843641
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:RF9QnzMGFgZJgQFcxqNGMRCKxGXcjQqbvUWeHFGoF+FXGGNNLc0WLVyIGNp5MOsn:j9Qna3FcxuwTXjkUZHf83o0DITOs59
                                                                                                                              MD5:2A0F330C51AFF13A96AF8BD5082C84A8
                                                                                                                              SHA1:AD2509631ED743C882999AC1200FD5FB8A593639
                                                                                                                              SHA-256:8D8A318E6D90DFD7E26612D2B6385AA704F686CA6134C551F8928418D92B851A
                                                                                                                              SHA-512:2B0385417A3FC2AF58B1CBB186DD3E0B0875E42923884153DEEE0EFCB390CA00B326ED5B266B3892D31BF7D40E10969A0B51DAA6D0B4CA3183770786925D3CDE
                                                                                                                              Malicious:false
                                                                                                                              Preview:// Country-specific policy file for countries with no limits on crypto strength...grant {. // There is no restriction to any algorithms.. permission javax.crypto.CryptoAllPermission; .};.

                                                                                                                              C:\Program Files\WasabiWallet\jre\conf\sound.properties

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1210
                                                                                                                              Entropy (8bit):4.681309933800066
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:va19LezUlOGdZ14BilDEwG5u3nVDWc/Wy:iaLGr1OsS5KnVaIWy
                                                                                                                              MD5:4F95242740BFB7B133B879597947A41E
                                                                                                                              SHA1:9AFCEB218059D981D0FA9F07AAD3C5097CF41B0C
                                                                                                                              SHA-256:299C2360B6155EB28990EC49CD21753F97E43442FE8FAB03E04F3E213DF43A66
                                                                                                                              SHA-512:99FDD75B8CE71622F85F957AE52B85E6646763F7864B670E993DF0C2C77363EF9CFCE2727BADEE03503CDA41ABE6EB8A278142766BF66F00B4EB39D0D4FC4A87
                                                                                                                              Malicious:false
                                                                                                                              Preview:############################################################.# Sound Configuration File.############################################################.#.# This properties file is used to specify default service.# providers for javax.sound.midi.MidiSystem and.# javax.sound.sampled.AudioSystem..#.# The following keys are recognized by MidiSystem methods:.#.# javax.sound.midi.Receiver.# javax.sound.midi.Sequencer.# javax.sound.midi.Synthesizer.# javax.sound.midi.Transmitter.#.# The following keys are recognized by AudioSystem methods:.#.# javax.sound.sampled.Clip.# javax.sound.sampled.Port.# javax.sound.sampled.SourceDataLine.# javax.sound.sampled.TargetDataLine.#.# The values specify the full class name of the service.# provider, or the device name..#.# See the class descriptions for details..#.# Example 1:.# Use MyDeviceProvider as default for SourceDataLines:.# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider.#.# Example 2:.# Specify the default Synthesizer by it

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ISO-8859 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3244
                                                                                                                              Entropy (8bit):4.504892344419146
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:3kjJXQSqgbiihCrRbo+Q/cV0rDcFBL3P0/r3:3cAaOi01E+xV0rDaBL3P0z3
                                                                                                                              MD5:A762796B2A8989B8952B653A178607A1
                                                                                                                              SHA1:C725183C757011E7BA96C83C1E86EE7E8B516A2B
                                                                                                                              SHA-256:79CCB53E0DBDB8EC16747A516EB77C3737C797E544AAA0A552B8A886A70EEF69
                                                                                                                              SHA-512:9D88BD2910A0D7820732D498B11B4676A5A122F24093640D8F07D417E4D7077A3D411F5F3E96CC124483DBED9C940B9526CA8B19FBC7CE69CB294476FCAA6C91
                                                                                                                              Malicious:false
                                                                                                                              Preview:Copyright . 1993, 2018, Oracle and/or its affiliates..All rights reserved...This software and related documentation are provided under a.license agreement containing restrictions on use and.disclosure and are protected by intellectual property laws..Except as expressly permitted in your license agreement or.allowed by law, you may not use, copy, reproduce, translate,.broadcast, modify, license, transmit, distribute, exhibit,.perform, publish, or display any part, in any form, or by.any means. Reverse engineering, disassembly, or.decompilation of this software, unless required by law for.interoperability, is prohibited...The information contained herein is subject to change.without notice and is not warranted to be error-free. If you.find any errors, please report them to us in writing...If this is software or related documentation that is.delivered to the U.S. Government or anyone licensing it on.behalf of the U.S. Government, the following notice is.applicable:..U.S. GOVERNMENT END US

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):44
                                                                                                                              Entropy (8bit):4.202972243293108
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:c3AXFshzYoQ6LJMXTn:c9hzYey
                                                                                                                              MD5:2C311F1936F63834199DE94319A5CD8C
                                                                                                                              SHA1:6C5F8A9EBAB689F905FEFE44ACA0A1F77D39E425
                                                                                                                              SHA-256:2D5EC5B2984090D43BFB27C331B59BB537FBBBC9B5E015F1F94A5978372D293F
                                                                                                                              SHA-512:E8A51E80F98098F601130D556AE42AF6A9162B382820A4D5AD7FEF9D68270626384B440E41E3208ACD0A61103404454FF5FBE6E0B5D1434ED759667ED7E5B8DF
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please refer to https://java.com/otnlicense.

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\aes.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1444
                                                                                                                              Entropy (8bit):5.194600884456683
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:j6omedtxUno8PbOIFThJyprYFTcQLey9Rwq32stOkg9SQROd32sZyxtT41BtGW+F:mhedtuTOIJarYJt7Cq32srX32sZEt01Q
                                                                                                                              MD5:2E33468A535A4EB09EF57FC12A2652D0
                                                                                                                              SHA1:E64516F3FA1E72F88CAA50F14B8046DD74D012B6
                                                                                                                              SHA-256:45C6D4DA48325EDFBFF3DCF71C704E504C057904435ED23C6D57046D551EB69D
                                                                                                                              SHA-512:4D14B5DDBB4D09797264ED29BA71FAB6986B4A9E75EFB9402C1476E0A9E2884813D6A922DEA125643B4F74E1F3E458F4E48D6C840E0F4D16ED72FFBC4611DBB2
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Cryptix AES v3.2.0..### Cryptix General License.<pre>..Cryptix General License..Copyright (c) 1995-2005 The Cryptix Foundation Limited..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.. 1. Redistributions of source code must retain the copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in. the documentation and/or other materials provided with the. distribution...THIS SOFTWARE IS PROVIDED BY THE CRYPTIX FOUNDATION LIMITED AND.CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,.INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF.MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED..IN NO EVENT SHALL THE CRYPTIX FOUNDATION LIMITED OR CONTRIBUTORS BE.LIABLE FOR ANY DIRECT

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\asm.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1582
                                                                                                                              Entropy (8bit):5.197382062974255
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:jr5OorYJCrYJ5zO432sHj32sZEtY17wNH7:8orYJCrYJZF3X31ENb
                                                                                                                              MD5:7396B45752D8E781B987EA823A9EDAF5
                                                                                                                              SHA1:DEC8E59F89A34DD1AA2D9DBFECC0D55A75BD7E41
                                                                                                                              SHA-256:D9B0E38559ABE2773B702397F22AE0896B38DC228D6436419940DE5D1BE7FF41
                                                                                                                              SHA-512:192B5AF61BFF7F9B52CE4E56AD72A47F9E8950EFA0D1A259661E19BAC192D6A1BD994E8057EC087B2D3B3D61ADBE1A26950A808EE2E6001FACEDD29D91E64DB3
                                                                                                                              Malicious:false
                                                                                                                              Preview:## ASM Bytecode Manipulation Framework v7.0..### ASM License.<pre>..Copyright (c) 2000-2011 France T.l.com.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:..1. Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...3. Neither the name of the copyright holders nor the names of its. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTA

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\c-libutl.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1556
                                                                                                                              Entropy (8bit):5.222803386080423
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:M6IHO9JnJzn6432svv32s3EsIm3tYHzNb:jn9JnJznR3r3zVHaBb
                                                                                                                              MD5:2E89A282A50F8702E52703464E6937CA
                                                                                                                              SHA1:CFC22A6F5B17CD539234D5B3160A5224ABEFADB9
                                                                                                                              SHA-256:BEF40679922D6FDFB7E4DDB223AD6722300F6054BA737BBF6188D60FCEC517F9
                                                                                                                              SHA-512:AE459D8CE5581EA57E203088373C1CE86D122D0E27EB871EE1383E0E64CD8A184FA207EEE0E835347316E70AFA24A1C95AEC30DEF3E09D15EE19A0B2C3AD2095
                                                                                                                              Malicious:false
                                                                                                                              Preview:## c-libutl 20160225..### c-libutl License.```..This software is distributed under the terms of the BSD license...== BSD LICENSE ===============================================================.. (C) 2009 by Remo Dentato (rdentato@gmail.com)...Redistribution and use in source and binary forms, with or without modification,.are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\cldr.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2926
                                                                                                                              Entropy (8bit):5.237792588331056
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:LKjpNhAY4FCNPcwSHW5rSr+lP1JKrzteztw/wHasTI4c/Lr0in/Prfk05:ap/thP97fPQzkzqYHJc/3V/Prf55
                                                                                                                              MD5:F1259F314BA0FD7B89931656C0E01F45
                                                                                                                              SHA1:998597A92A51AE132359BE387ECAE88034480E6A
                                                                                                                              SHA-256:8C9852C0FB411A812383A31E481FE7D1440EC18698681657F0C1FD5C7B5D866C
                                                                                                                              SHA-512:6AD5E8EDF7F57774844DA9A42D2DE4B1FD718431411FFB709ABE3FAA8F98BB857E11FBF452B50DD9FD13B03D9C1DEB616749AC12F7A416B2C69623CB1CD95D83
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Unicode Common Local Data Repository (CLDR) v33..### CLDR License..```..UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE.Unicode Data Files include all data files under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...Unicode Data Files do not include PDF online code charts under the.directory http://www.unicode.org/Public/...Software includes any source code published in the Unicode Standard.or under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...NOTICE TO USER: Carefully read the following legal agreement..BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S.DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),.YOU UNEQUIVOCALLY ACCEPT,

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\icu.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2930
                                                                                                                              Entropy (8bit):5.246998024784705
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:fmQYOKjpNhAY4FCNPcwSHW5rSr+lP1JKrzteztw/wHasTI4c/Lr0in/Prfk05:fmQYbp/thP97fPQzkzqYHJc/3V/Prf55
                                                                                                                              MD5:8C05194196C2E97E7D88535C57473939
                                                                                                                              SHA1:ED56C1A71A73878C17B71135218009823F80812C
                                                                                                                              SHA-256:15D33DE510BE13F32F2798316E793002809A04AD08BF508D6FFFF2566709F7E5
                                                                                                                              SHA-512:AA81650AFD03D6C5C3F4BE97CD7DFBAD2F4FED2FAC1F24BAC5A1BB4A2060575C7689335D054CB23A32C7B729C9614AF50AA17201A1DEEA821DAB1C247E027BE7
                                                                                                                              Malicious:false
                                                                                                                              Preview:## International Components for Unicode (ICU4J) v62.1..### ICU4J License..```..UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE.Unicode Data Files include all data files under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...Unicode Data Files do not include PDF online code charts under the.directory http://www.unicode.org/Public/...Software includes any source code published in the Unicode Standard.or under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...NOTICE TO USER: Carefully read the following legal agreement..BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S.DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"),.YOU UNEQUIVOCALLY ACC

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\public_suffix.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):17785
                                                                                                                              Entropy (8bit):4.593835207960765
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:gn7Da28R/9yoeF6cXpMPWeXlUl5omyzQdBGYVSleCqxi:gn7DNw/woj25kzQdBG4CqI
                                                                                                                              MD5:5466C47717BFEA046F641C3241C12AE7
                                                                                                                              SHA1:E259AFAC740AB7961940058B033D5D23E6E4727F
                                                                                                                              SHA-256:3C20255E5F5CC6447E618114C807460F2068524FAA9184381C5B7AB8C5FFD765
                                                                                                                              SHA-512:83740D1C7EDAC33C26A69AE538E36A097D796F532A47CBCC2586E4B30AFDA5FA1C69E9E5F9F171F16DECC4BF60F78FAEECEB059F6F8D4D1620FEF925E14B77E1
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Mozilla Public Suffix List..### Public Suffix Notice.```.You are receiving a copy of the Mozilla Public Suffix List in the following.file: <java-home>/lib/security/public_suffix_list.dat. The terms of the.Oracle license do NOT apply to this file; it is licensed under the.Mozilla Public License 2.0, separately from the Oracle programs you receive..If you do not wish to use the Public Suffix List, you may remove the.<java-home>/lib/security/public_suffix_list.dat file...The Source Code of this file is available under the.Mozilla Public License, v. 2.0 and is located at.https://raw.githubusercontent.com/publicsuffix/list/2225db8d9f4a2a27ec697c883360632fa0c16261/public_suffix_list.dat..If a copy of the MPL was not distributed with this file, you can obtain one.at https://mozilla.org/MPL/2.0/...Software distributed under the License is distributed on an "AS IS" basis,.WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License.for the specific language governing rights and l

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\unicode.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2957
                                                                                                                              Entropy (8bit):5.231255762952758
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:fbgKgoKjpNhAY4FCNPcwSHW5rSr+lP1JKrzteztw/wHasTI4c/Lr0in/Prfk05:jNip/thP97fPQzkzqYHJc/3V/Prf55
                                                                                                                              MD5:8E04C519D765867C8ACEEE9FDDD39902
                                                                                                                              SHA1:BE6C88B6BF2B84A98251FF7816910DC0FE195597
                                                                                                                              SHA-256:44BB74FA5140E635B80F83D248B2C73CB14B3927A9E1AB5B28F54D4BECE81ADD
                                                                                                                              SHA-512:8302F0ECB3477147C7CCE50AD132E757E38D3E9C31BE805864C2D85303187EA59552E167BAD57E9C2025820B0732E764BE7F845AEB022E8BEC628B43DE726D3A
                                                                                                                              Malicious:false
                                                                                                                              Preview:## The Unicode Standard, Unicode Character Database, Version 11.0.0..### Unicode Character Database..```..UNICODE, INC. LICENSE AGREEMENT - DATA FILES AND SOFTWARE.Unicode Data Files include all data files under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...Unicode Data Files do not include PDF online code charts under the.directory http://www.unicode.org/Public/...Software includes any source code published in the Unicode Standard.or under the directories.http://www.unicode.org/Public/, http://www.unicode.org/reports/,.http://www.unicode.org/cldr/data/,.http://source.icu-project.org/repos/icu/, and.http://www.unicode.org/utility/trac/browser/...NOTICE TO USER: Carefully read the following legal agreement..BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S.DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWA

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.base\zlib.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1011
                                                                                                                              Entropy (8bit):4.589717550699574
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:jxxuyMlc/LxAbno0QNplTp4XGBi+g7Y8PaO:ZCc/LebnN63Tp4X4i/7ZSO
                                                                                                                              MD5:19F03867B2027801B674A81134FC94BD
                                                                                                                              SHA1:C239D2DA15DAC52B8B928C712BBB29A0BC18AAE4
                                                                                                                              SHA-256:19ABD401BAC9AF9B3E34C07E226DE1E6F2C1F0806FFCDC3FE2F1AD5855A42FF8
                                                                                                                              SHA-512:E37AA89A4F46987A6BC1B2B5FAD4CBF8DAA1F27CA30C02BB0405512BC9DE9C76B8655222B35DDB1C6AAE89234EDBB59B7D8B0989505CB72D216FD3D44DB76824
                                                                                                                              Malicious:false
                                                                                                                              Preview:## zlib v1.2.11..### zlib License.<pre>..Copyright (C) 1995-2017 Jean-loup Gailly and Mark Adler..This software is provided 'as-is', without any express or implied.warranty. In no event will the authors be held liable for any damages.arising from the use of this software...Permission is granted to anyone to use this software for any purpose,.including commercial applications, and to alter it and redistribute it.freely, subject to the following restrictions:..1. The origin of this software must not be misrepresented; you must not. claim that you wrote the original software. If you use this software. in a product, an acknowledgment in the product documentation would be. appreciated but is not required..2. Altered source versions must be plainly marked as such, and must not be. misrepresented as being the original software..3. This notice may not be removed or altered from any source distribution...Jean-loup Gailly Mark Adler.jloup@gzip.org madler@alumni.caltech.e

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.compiler\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.compiler\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.datatransfer\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.datatransfer\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\colorimaging.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):167
                                                                                                                              Entropy (8bit):4.67070372864436
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:RFRELUacKIVVPDwwP1FZenv+PELUaRHUBQecOczDP8LUacKIVG9V4n:jxKIVbZAevcvLKIVGon
                                                                                                                              MD5:0889FD01A6802A5A934572D9BD47F430
                                                                                                                              SHA1:7A7E547452EE1C72E8B0D96DCCBE315F62D5B564
                                                                                                                              SHA-256:04D61E3E8E71DD452EBE52008AF5378D9F6640D14578AEB515DC5375973B0189
                                                                                                                              SHA-512:F5872960470810CDBDC2DB1DFB216CAB88203B23400B16E157C8654C2EECFF8D9B26CE066EC18718C8E6D54EE1C54533FDADE395C454210FED5159FD4A7A0ADB
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Eastman Kodak Company: Portions of color management and imaging software..### Eastman Kodak Notice.<pre>.Portions Copyright Eastman Kodak Company 1991-2003.</pre>..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\freetype.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):25312
                                                                                                                              Entropy (8bit):4.695476742874908
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:sG8+ZxGw7hiVHEUwi5rRL67cyV12rPd34FomzM2/R+qWo72gU/:sGfGKM7FCExGFzeqf72gU/
                                                                                                                              MD5:62B61C466A89D9EC719181058D908629
                                                                                                                              SHA1:60F95C2A23B013B9CEFF95257D2FBBB63AB750A0
                                                                                                                              SHA-256:0CF61939C90120AB1C460E5CEE2BA8C13178F4277876902403FCD08102340F91
                                                                                                                              SHA-512:9FE10778A148FCF9060E299B81F7B5EE44B232A53B8A6DE45F4766CB668C20D75BD9F96B3D645C192BE73E16F683EBB7509EA24A34842A3DFB0A8C56BF29BC72
                                                                                                                              Malicious:false
                                                                                                                              Preview:## The FreeType Project: Freetype v2.9.1...### FreeType Notice..```.FreeType comes with two licenses from which you can choose the one.which fits your needs best... The FreeType License (FTL) is the most commonly used one. It is. a BSD-style license with a credit clause and thus compatible with. the GNU Public License (GPL) version 3, but not with the. GPL version 2... The GNU General Public License (GPL), version 2. Use it for all. projects which use the GPLv2 also, or which need a license. compatible to the GPLv2...```..### FreeType License.```. The FreeType Project LICENSE. ----------------------------.. 2006-Jan-27.. Copyright 1996-2002, 2006 by. David Turner, Robert Wilhelm, and Werner Lemberg....Introduction.============.. The FreeType Project is distributed in several archive packages;. some of them may contain, in addition to the FreeType font engine,. various t

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\giflib.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1138
                                                                                                                              Entropy (8bit):5.165492712260651
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:jIRksrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5j:cRksaJHlxE35QHOs5exm3ogF5j
                                                                                                                              MD5:18FF717C2E555DD25B3DFFE541100A1B
                                                                                                                              SHA1:8FC149197CD6D7F71A926C03168F774303C10BBB
                                                                                                                              SHA-256:66F0E1815F1D94BD89368C8D52BD6288265628516A7423088FF0A30DDD49C90D
                                                                                                                              SHA-512:2EBD20171F55BA61BEB2C3294C6EE6D07A75C847F79D535BCD3A691CDD55C50B8CA2D0C145CC23A35F7D4808C86008247898C395F97BDAA62A539FF967103805
                                                                                                                              Malicious:false
                                                                                                                              Preview:## GIFLIB v5.1.4..### GIFLIB License.<pre>..The GIFLIB distribution is Copyright (c) 1997 Eric S. Raymond..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF C

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\harfbuzz.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2753
                                                                                                                              Entropy (8bit):5.327426175928864
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:tokF1d5wLbvAfD+ZiOt9jPxsrN8IAgKxP/nHpz/C2tuiOnx9AjpF3e0:lF35wLbvIDVOtU8Ia/pLv0i+m/e0
                                                                                                                              MD5:8AA073ED3E1152FF8EF0297D47C09496
                                                                                                                              SHA1:6D4374BB491CE2F2317BDC131B947B1C14C13E6E
                                                                                                                              SHA-256:CCF257208C24230A007E9F6CAA34DCCA08368AE2B67D078C34946444607D816B
                                                                                                                              SHA-512:1F62990C103848A311560415CA9B185C77AD8B1E3258A1A546BA365EAAC8D74DF9CC88C67A158E33141DF623B3395EFC27D4DB3BB6CF07140EAEB44780555047
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Harfbuzz v1.8.2..### Harfbuzz License..http://cgit.freedesktop.org/harfbuzz/tree/COPYING..<pre>..HarfBuzz is licensed under the so-called "Old MIT" license. Details follow..For parts of HarfBuzz that are licensed under different licenses see individual.files names COPYING in subdirectories where applicable...Copyright . 2010,2011,2012 Google, Inc..Copyright . 2012 Mozilla Foundation.Copyright . 2011 Codethink Limited.Copyright . 2008,2010 Nokia Corporation and/or its subsidiary(-ies).Copyright . 2009 Keith Stribley.Copyright . 2009 Martin Hosken and SIL International.Copyright . 2007 Chris Wilson.Copyright . 2006 Behdad Esfahbod.Copyright . 2005 David Turner.Copyright . 2004,2007,2008,2009,2010 Red Hat, Inc..Copyright . 1998-2004 David Turner and Werner Lemberg..For full copyright notices consult the individual files in the package....Permission is hereby granted, without written agreement and without.license or royalty fees, to use, copy, modify, and distribut

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\jpeg.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3997
                                                                                                                              Entropy (8bit):4.656456480160931
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:4r84O6ZloAD2/EViOqSeNDYYJjWdyejpsf:4r8z6AasE4OUIU2sf
                                                                                                                              MD5:0E01ADD34BFADE0116BA59485AE53A78
                                                                                                                              SHA1:EC59C9E58573CA6EFDFE75EBE5E6C0263337B245
                                                                                                                              SHA-256:5DF42C1063BF600F9F499D99684A06558B4263259AB8F062748D549DF25D78B0
                                                                                                                              SHA-512:A073F70EA25D10852C38E301A3D9BCAF2594D8714BC49B5BCD3AB6CA4B9D197B781037E47D7FBC24C1E3209E517812BD29FE97ABF2C914CF2DA958F44629A121
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Independent JPEG Group: JPEG release 6b..### JPEG License.<pre>..Must reproduce following license in documentation and/or other materials.provided with distribution:..The authors make NO WARRANTY or representation, either express or implied,.with respect to this software, its quality, accuracy, merchantability, or.fitness for a particular purpose. This software is provided "AS IS",.and you, its user, assume the entire risk as to its quality and accuracy...This software is copyright (C) 1991-1998, Thomas G. Lane..All Rights Reserved except as specified below...Permission is hereby granted to use, copy, modify, and distribute.this software (or portions thereof) for any purpose, without fee,.subject to these conditions:..(1) If any part of the source code for this software is distributed,.then this README file must be included, with this copyright and no-warranty.notice unaltered; and any additions, deletions, or changes to the original.files must be clearly indicated in accompanying

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\lcms.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1177
                                                                                                                              Entropy (8bit):5.177788588963408
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:jbCFeCdnDiJHLH0cPP3gt0Hw1hj9QH+sEJv48Ok4F+d1o36qjFv:/pCnDiJbbvEP5QH+sfIte36AFv
                                                                                                                              MD5:FBD67BC71CCBF9EEE0F91213C4819D7C
                                                                                                                              SHA1:CCEF481BFECEC21D55B8B7B21F57C83B5831BFB0
                                                                                                                              SHA-256:77646AA43E39D4C4B4FC1A21D2C6C07E79D2DB83D9456991F8201E9EDA566D91
                                                                                                                              SHA-512:9CB4D00066CF679172CBC7AF3F676197E785991738CEE4B529A2A78868A65EAD711093CCE8D5AAF1031822A59A48B03CFD06AAD04B236460F0F8F4E9409CDCB5
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Little Color Management System (LCMS) v2.9..### LCMS License.<pre>..Little Color Management System.Copyright (c) 1998-2011 Marti Maria Saguer..Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the Software.is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO.THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTH

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\libpng.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):4043
                                                                                                                              Entropy (8bit):4.788532666166358
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:AhT9UaBPGzhk9L3RWWgmWyG+g2QUe4UMon1E4UbQ+G0:iUa0zhu3RWRm2lFMon1E4ot
                                                                                                                              MD5:8871C91370B2E602573B0183E738B0B1
                                                                                                                              SHA1:5A378CE6C7353687BC0EF64445ACE7D8C74857D1
                                                                                                                              SHA-256:7B046B8A4D2AE71087B9DFEE9FD36534E9E7419753700CB96B9C39C6BD466658
                                                                                                                              SHA-512:58360B1B78382025540C7813FD08E1305AB4F5D32E2A60D9DC8BCD4BDA69AA65D4220B25C9CB1319006B106C12DAF151B13801890BEC24CE4CAC4CD39C9F8218
                                                                                                                              Malicious:false
                                                                                                                              Preview:## libpng v1.6.35..### libpng License.<pre>..This copy of the libpng notices is provided for your convenience. In case of.any discrepancy between this copy and the notices in the file png.h that is.included in the libpng distribution, the latter shall prevail...COPYRIGHT NOTICE, DISCLAIMER, and LICENSE:..If you modify libpng you may insert additional notices immediately following.this sentence...This code is released under the libpng license...libpng versions 1.0.7, July 1, 2000 through 1.6.35, September 29, 2017 are.Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson, are.derived from libpng-1.0.6, and are distributed according to the same.disclaimer and license as libpng-1.0.6 with the following individuals.added to the list of Contributing Authors:.. Simon-Pierre Cadieux. Eric S. Raymond. Mans Rullgard. Cosmin Truta. Gilles Vollant. James Yu. Mandar Sahastrabuddhe. Google Inc.. Vadim Barkov..and with the following additions to the disclaimer:.. There

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\mesa3d.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1170
                                                                                                                              Entropy (8bit):5.19497677432342
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:j0nFCCtPUrRONJHLH0cPP3gtkHw1h39QHGhsUv4eOk4qb1t3oOq/Fv:yCMctONJbbvE/NQHGhs5egOYFv
                                                                                                                              MD5:ACC852C222A18F0F9DE1D122CEAED1CF
                                                                                                                              SHA1:D6B2D2C7BAA0CBD0CF8C77EABDBF2E74B9E289EA
                                                                                                                              SHA-256:19E15D0300D42908475F7330DFBD5272962648EBB1BF054FD40BBD839EA44C28
                                                                                                                              SHA-512:E585CDFD6DA25883809D9AE14023EB3557FA7F83DE7A6CEF4CB9D157BA52D53E4295597E10A3E52BE4CE1D5A6D77D5705BF46195C5DE985764A01A81B1C50FF7
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Mesa 3-D Graphics Library v5.0..### Mesa License.<pre>..Mesa 3-D graphics library.Version: 5.0..Copyright (C) 1999-2002 Brian Paul All Rights Reserved...Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS.OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.BRIAN PAUL BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIAB

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.desktop\opengl.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1158
                                                                                                                              Entropy (8bit):5.149176198276931
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:jl/fDrRONv/HpUUHuyPP3Gt0bTHw1hDmH+sUW8Ok4odZo3U/qZUFC:tDtONXJU8fPvGt0bUDmH+sfINi3ODFC
                                                                                                                              MD5:753D02AC91630E98D9727EA5350F0C5B
                                                                                                                              SHA1:7223B7BA579D4A191884A4B12FAABC706688E260
                                                                                                                              SHA-256:D53B703198C99093E090479101F3757FECEBAB6B313E2E15167CC3C24039DA9B
                                                                                                                              SHA-512:AAC77741C984E0833F3CFBFEF386FF084C699178370B383CCA96B8FC0669821AA263B96F58895EC9576A27FD8A24E68B61CEF374FBDC688DE2726ACD8A59CF57
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Khronos Group OpenGL Headers v2.1..### Khronos Group License.<pre>..Copyright (c) 2007 The Khronos Group Inc...Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and/or associated documentation files (the."Materials"), to deal in the Materials without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Materials, and to.permit persons to whom the Materials are furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Materials...THE MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT..IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY.CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.instrument\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.instrument\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.logging\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.logging\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.management.rmi\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.management.rmi\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.management\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.management\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.naming\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.naming\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.net.http\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.net.http\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.prefs\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.prefs\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.rmi\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.rmi\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.scripting\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.scripting\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.se\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.se\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.security.jgss\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.security.jgss\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.security.sasl\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.security.sasl\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.smartcardio\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.smartcardio\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.sql.rowset\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.sql.rowset\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.sql\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.sql\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.transaction.xa\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.transaction.xa\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml.crypto\santuario.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11436
                                                                                                                              Entropy (8bit):4.569270343925356
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:SEASdeYFPVRQUM9o1XDFMKdFSvJZN+0G04Hrc3Pv8KIHKxF9Nmu3Dzt1XkTYst3L:ZxNRrM21TiA+8VL+EKdXNt9xkTYE3L
                                                                                                                              MD5:0CE8AC7F50080EB5D12A6B0D9006FE67
                                                                                                                              SHA1:9C1888FA9F40E4343FC52B8253B4EDC23A135292
                                                                                                                              SHA-256:1D98257526337A8FBCA792CB1AF0D9219C6ED3162609F75A358B5BB0DA52BB55
                                                                                                                              SHA-512:E84BAFCF03E8EAB9E4AA12DC7A7DBF2ADDC5D77140CB2A4D8279CEC8B6A5181FCBCFE4BC021B5E41483DFE075FAEC1DE34314CF34600E5ACE63D9573F71EB742
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Apache Santuario v2.1.1..### Apache Santuario Notice.<pre>.. Apache Santuario - XML Security for Java. Copyright 1999-2018 The Apache Software Foundation.. This product includes software developed at. The Apache Software Foundation (http://www.apache.org/)... It was originally based on software copyright (c) 2001, Institute for. Data Communications Systems, <http://www.nue.et-inf.uni-siegen.de/>... The development of this software was partly funded by the European. Commission in the <WebSig> project in the ISIS Programme...</pre>..### Apache 2.0 License.<pre>.. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/..TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION..1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml\bcel.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11502
                                                                                                                              Entropy (8bit):4.582058402651304
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:EaVBlMEASdeYFPVRQUM9o1XDFMKdFSvJZN+0G04Hrc3Pv8KIHKxF9Nmu3Dzt1XkL:rBRxNRrM21TiA+8VL+EKdXNt9xkTYE3L
                                                                                                                              MD5:E10DAEA3C294CECDE53655990812BB15
                                                                                                                              SHA1:D563C04C113DA979E54D83C70FB08EC924C3D635
                                                                                                                              SHA-256:9FE6EC3F6E188A2602E1150963992A49976B8ADD3148F100B6612D4223DE7353
                                                                                                                              SHA-512:CDE5A810CEF2688AF7AD8ADCCEC6B3B4CA639070B280BCD800E41846A6558858A8E8E216DCEAD5EADC94CCE1ACA5B932040A675B1B62487A32B8018935575350
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Apache Commons Byte Code Engineering Library (BCEL) Version 6.0 ..### Apache Commons BCEL Notice.<pre>.. =========================================================================. == NOTICE file corresponding to the section 4 d of ==. == the Apache License, Version 2.0, ==. == in this case for the Apache Commons BCEL distribution. ==. =========================================================================.. This product includes software developed by. The Apache Software Foundation (http://www.apache.org/)...</pre>..### Apache 2.0 License.<pre>.. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/..TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION..1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 o

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml\dom.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3028
                                                                                                                              Entropy (8bit):5.054060272622458
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:O6WEebVkoFxqbvyY5rpErRz+ulK0ZSw1bQknlZFQ/:OFrxWfyrgulK7hklI
                                                                                                                              MD5:8067C46049AC09BCFCB9E03C5BCD1107
                                                                                                                              SHA1:CBDB9414E25DAFCCDFDC905EB75999E63B9D660B
                                                                                                                              SHA-256:89C41F3CE50ACB96280B73D7A9C1710E96DBF6FC97D43CAB2B748DE93F9FE442
                                                                                                                              SHA-512:64A6D580C977F3E3AC2B6F1F7D3C9B97D1014ED3597317E88930AB44414AE09366E29AFD99736B534AA4426CAF6333688AFF0BB57692FF9EB4538DDEA21CCF17
                                                                                                                              Malicious:false
                                                                                                                              Preview:## DOM Level 3 Core Specification v1.0..### W3C License.<pre>..W3C SOFTWARE NOTICE AND LICENSE..http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231..This work (and included software, documentation such as READMEs, or other.related items) is being provided by the copyright holders under the following.license. By obtaining, using and/or copying this work, you (the licensee).agree that you have read, understood, and will comply with the following terms.and conditions...Permission to copy, modify, and distribute this software and its.documentation, with or without modification, for any purpose and without fee.or royalty is hereby granted, provided that you include the following on ALL.copies of the software and documentation or portions thereof, including.modifications:.. 1.The full text of this NOTICE in a location viewable to users of the. redistributed or derivative work... 2.Any pre-existing intellectual property disclaimers, notices, or terms and. conditions. I

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml\jcup.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1142
                                                                                                                              Entropy (8bit):4.448183975265158
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:jjtypTzb5r9q6kqyiuZLX2DjXkIMmgmlye4ihXSZX3AVmF0xA:YpTPvteiupX2DNtgmlyF2Xi1F0xA
                                                                                                                              MD5:A73D5FEC48A99E32640DEFC06C83A84C
                                                                                                                              SHA1:185450D6F5F6AA9DA8AB972958409CC33765B8F5
                                                                                                                              SHA-256:7DD2BF8C8E345FEAD3E294AF8DF0A9BCC47BA38E14F40269607C2E6DDBB0D2F0
                                                                                                                              SHA-512:2D3012ED281415AC98AFF74B60B5E9B136FDD5B434917E381426B1CA223A9EA09ABB7F73B32A28723E0347106F8BA1F221457BF38E9B886A36BF2321DFD5CF14
                                                                                                                              Malicious:false
                                                                                                                              Preview:## CUP Parser Generator for Java v 0.10k..### CUP Parser Generator License.<pre>..Copyright 1996-1999 by Scott Hudson, Frank Flannery, C. Scott Ananian..Permission to use, copy, modify, and distribute this software and its.documentation for any purpose and without fee is hereby granted, provided.that the above copyright notice appear in all copies and that both.the copyright notice and this permission notice and warranty disclaimer.appear in supporting documentation, and that the names of the authors or.their employers not be used in advertising or publicity pertaining to.distribution of the software without specific, written prior permission...The authors and their employers disclaim all warranties with regard to.this software, including all implied warranties of merchantability and.fitness. In no event shall the authors or their employers be liable for.any special, indirect or consequential damages or any damages whatsoever.resulting from loss of use, data or profits, whether in an a

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml\xalan.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):12270
                                                                                                                              Entropy (8bit):4.620211037476624
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:y2dzIBEASdeYFPVRQUM9o1XDFMKdFSvJZN+0G04Hrc3Pv8KIHKxF9Nmu3Dzt1XkL:BlvxNRrM21TiA+8VL+EKdXNt9xkTYE3L
                                                                                                                              MD5:D47E2467EA67658C5DE11A9A4EE28766
                                                                                                                              SHA1:38858B360A8BDEFB6F5B9CDCD8E68ADF784472C1
                                                                                                                              SHA-256:AEE9C7E9DEF142A0357D74A07207A39DB8404E29AAB1CED8C6871265D0632218
                                                                                                                              SHA-512:E10050568D3FBCCA2D041FDDD90BAF413CA962D703101BBBC3D349BA725B516E2FEBCD7E6C9E0AE40A7EC1A75108E8CCBAB8E22CFFFEB64D77478D4CE315AF08
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Apache Xalan v2.7.2..### Apache Xalan Notice.<pre>.. ======================================================================================. == NOTICE file corresponding to the section 4d of the Apache License, Version 2.0, ==. == in this case for the Apache Xalan distribution. ==. ======================================================================================.. This product includes software developed by. The Apache Software Foundation (http://www.apache.org/)... Specifically, we only include the XSLTC portion of the source from the Xalan distribution. . The Xalan project has two processors: an interpretive one (Xalan Interpretive) and a . compiled one (The XSLT Compiler (XSLTC)). We *only* use the XSLTC part of Xalan; We use. the source from the packages that are part of the XSLTC sources... Portions of this software was originally based on the following:.. - software copyright (c) 1999-2002, Lotus Development

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\java.xml\xerces.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):11846
                                                                                                                              Entropy (8bit):4.6120210641011425
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:BB/XsEASdeYFPVRQUM9o1XDFMKdFSvJZN+0G04Hrc3Pv8KIHKxF9Nmu3Dzt1XkT/:B97xNRrM21TiA+8VL+EKdXNt9xkTYE3L
                                                                                                                              MD5:5B9FED070E523544F4A423AB23629EA1
                                                                                                                              SHA1:7C973E54CDDC5681FA904E4687C2B4B43ADD39C2
                                                                                                                              SHA-256:BECFDF84DF78D88A61071D26129F85E28FB79ED1BF83DF97DD5C65D9F3C73926
                                                                                                                              SHA-512:7F221CB457E6FA1FED115BBDE65202163D03461C482299F73E8F6C82EDAD74E3AF75A7AE8BE01FB854D7FDBF6058ACE7FBA7470F57987DDB60FB9F92716D923A
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Apache Xerces v2.11.0..### Apache Xerces Notice.<pre>. =========================================================================. == NOTICE file corresponding to section 4(d) of the Apache License, ==. == Version 2.0, in this case for the Apache Xerces Java distribution. ==. =========================================================================. . Apache Xerces Java. Copyright 1999-2010 The Apache Software Foundation. This product includes software developed at. The Apache Software Foundation (http://www.apache.org/).. Portions of this software were originally based on the following:. - software copyright (c) 1999, IBM Corporation., http://www.ibm.com.. - software copyright (c) 1999, Sun Microsystems., http://www.sun.com.. - voluntary contributions made by Paul Eng on behalf of the. Apache Software Foundation that were originally developed at iClick, Inc.,. software copyright (c) 1999..</pre>..### Apache 2.0 License.<pre>..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.accessibility\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.accessibility\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.charsets\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.charsets\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\pkcs11cryptotoken.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):833
                                                                                                                              Entropy (8bit):4.668367959948261
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:j165vAZvT+gYY8nTPTyTthmgYWBxr1V+VewE6Py+6:JqvAZr+gYY8TLGthxYoZV+Ven6a+6
                                                                                                                              MD5:5374F8C94671DA5A8AA5DE05E7F576DA
                                                                                                                              SHA1:BD62364ECA2AD0BCDDE69457033E42DA2FC19E03
                                                                                                                              SHA-256:449FACA9B1963F8B8DA5C56B945B3400CB1B5F9BE0964F5B015985F0696B45C5
                                                                                                                              SHA-512:A37DD8540C8EB62DF53D8D82314807590A3CF7FE5AB85135428507CCA38F72824CBC0B92B80A1BB6C1B60DF1A1E6BF09B44B2C1AF50892B713EDEFAB54B647D6
                                                                                                                              Malicious:false
                                                                                                                              Preview:## PKCS #11 Cryptographic Token Interface v2.20 Amendment 3 Header Files..### PKCS #11 Cryptographic Token Interface License.<pre>..License to copy and use this software is granted provided that it is.identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface.(Cryptoki)" in all material mentioning or referencing this software...License is also granted to make and use derivative works provided that.such works are identified as "derived from the RSA Security Inc. PKCS #11.Cryptographic Token Interface (Cryptoki)" in all material mentioning or.referencing the derived work...RSA Security Inc. makes no representations concerning either the.merchantability of this software or the suitability of this software for.any particular purpose. It is provided "as is" without express or implied.warranty of any kind...</pre>.

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.cryptoki\pkcs11wrapper.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2131
                                                                                                                              Entropy (8bit):5.173293353802325
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:BuwOOrXIJHJzI/NNl+eMuj2PMicp32srF32sZEtY17wBH7:4OrXIJHJz+NFMwhp3131EBb
                                                                                                                              MD5:B77D1951DF7A8488EB84CE1D25486A14
                                                                                                                              SHA1:E35415235EC3BBCB92BEECEB03A9A8E7C13A6FCE
                                                                                                                              SHA-256:371974B1FCA3744A3892C7EE1FCC593B8B4281FC218F4CAFD2F709E9DF5FD81D
                                                                                                                              SHA-512:759C75F87309B67C56A5B7088045E04BE7C023ECDBAEA80842E22B81B0BFB36026191070471F8B08FEF47EC73664611CE0453B4A9818F7708C95663733EE5CE9
                                                                                                                              Malicious:false
                                                                                                                              Preview:## IAIK (Institute for Applied Information Processing and Communication) PKCS#11 wrapper files v1..### IAIK License.<pre>..Copyright (c) 2002 Graz University of Technology. All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:..1. Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution...3. The end-user documentation included with the redistribution, if any, must. include the following acknowledgment:.. "This product includes software developed by IAIK of Graz University of. Technology.".. Alternately, this acknowledgment may appear in the software itself, if and. wherever such third-par

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ec\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ec\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.crypto.ec\ecc.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):29220
                                                                                                                              Entropy (8bit):4.637645849321541
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:384:tNE56OuAbn/0UVef6wFDVxnF+7xqsvLt+z/k8E9HinIVFkspWM9bc7ops08ZuQG:tNE5trbernFCL1leSWmc7ksNZuQG
                                                                                                                              MD5:DD9B366FA0BCD4ACD8EA00F064E738B9
                                                                                                                              SHA1:5578373B5BA7B6F9834A1ADBC6E523BBF996233C
                                                                                                                              SHA-256:3A804B110161CF6103E1AB8CA2674F7736BB2977DD5C91EBBE7A25D742CA38DC
                                                                                                                              SHA-512:80EB4F6D06263F218E41DF3544E7EEC230195CC896B4A32E53B76BCCCCAC694BEFBFEAA0FBDB72BC5549823B7094BC87EEE5EC5D7914174E327673DD4A51C9BE
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Mozilla Elliptic Curve Cryptography (ECC)..### Mozilla ECC Notice..This notice is provided with respect to Elliptic Curve Cryptography,.which is included with JRE, JDK, and OpenJDK...You are receiving a [copy](http://hg.openjdk.java.net/jdk9/jdk9/jdk/file/tip/src/jdk.crypto.ec/share/native/libsunec/impl).of the Elliptic Curve Cryptography library in source.form with the JDK and OpenJDK source distributions, and as object code in.the JRE & JDK runtimes..<pre>.In the case of the JRE & JDK runtimes, the terms of the Oracle license do.NOT apply to the Elliptic Curve Cryptography library; it is licensed under the.following license, separately from Oracle's JDK & JRE. If you do not wish to.install the Elliptic Curve Cryptography library, you may delete the.Elliptic Curve Cryptography library:. - On Solaris and Linux systems: delete $(JAVA_HOME)/lib/libsunec.so. - On Mac OSX systems: delete $(JAVA_HOME)/lib/libsunec.dylib. - On Windows systems: delete $(JAVA_HOME)\bin\sunec.dll..</p

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.dynalink\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.dynalink\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.dynalink\dynalink.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1502
                                                                                                                              Entropy (8bit):5.195762399673515
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:j9TAjUUnoU+bOInrYFTY+JynrYFTtssxBJJ9i432sEEAkuyROd32sZyxtT41Btmv:3OYrYJKrYJmozi432sVK32sZEt01BtE5
                                                                                                                              MD5:7C3773C14E9DE1161A33902D64854BDE
                                                                                                                              SHA1:BEE6874BD3625623C939441C9269F9C6239A9247
                                                                                                                              SHA-256:17312591CABEE3EF6C34ED8897D92E4E361BA9CEA41EC00DCD61A322A8FC2CDB
                                                                                                                              SHA-512:86EE77D8E129B78173964461CD27200AEAB7FB6417FE0F4982D9B126ED2292216D08212BE91B53ECCB26DD6A8B3E1AAB1D1DBAB85C2133872AC0027DC87A8223
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Dynalink v.5..### Dynalink License.<pre>..Copyright (c) 2009-2013, Attila Szegedi..Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are.met:.* Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer..* Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution..* Neither the name of the copyright holder nor the names of. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS.IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED.TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A.PARTICULAR PURPOSE ARE DISCLAIMED. I

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.httpserver\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.httpserver\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ci\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.ci\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler.management\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler.management\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.internal.vm.compiler\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agent\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.jdwp.agent\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.jfr\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.jfr\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.jsobject\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.jsobject\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\cldr.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.8212266049160206
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXGl:clPETY
                                                                                                                              MD5:34C921033BD4EA16D1F88A6206730AA0
                                                                                                                              SHA1:F6F0C684B111FA3385D90BFD7C68B38ED18134C9
                                                                                                                              SHA-256:09972449731A1D1A0863AF0384AEB7839F84CAC74983C96856E6C305E31ED8B2
                                                                                                                              SHA-512:19A43AB7B25DB61EFD8E844AFBF5B3C640E3C97143765F868F297673820CE0ED451E2FCBFF70C45300D6E04384EFCCD8B5A3FA1C311BA579C7BC359DF1F5223D
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\cldr.md..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.localedata\thaidict.md

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1346
                                                                                                                              Entropy (8bit):5.137098860141584
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:jLGwAkIL2LjjWrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFB:fRAk+2LnWaJHlxE3dQHOs5exm3ogFB
                                                                                                                              MD5:2EA6EB55CA40902554AAF2FD20A76BA8
                                                                                                                              SHA1:E5B9E88E174C797C313D6739E7E34772B723BC4B
                                                                                                                              SHA-256:C326144A2351C9608FA708B5D7D3C5A3DA03E82B66479B128E9DB4969539824A
                                                                                                                              SHA-512:5221112CD8EF83B636DC4364F53B72C5484A5885ACB55C2C071C88D23058093CAEE38578F7E424ECAFDB483CCC0BC8E78D7AC13ADD536EC824A8EAC171A576CB
                                                                                                                              Malicious:false
                                                                                                                              Preview:## Thai Dictionary..### Thai Dictionary License.<pre>..Copyright (C) 1982 The Royal Institute, Thai Royal Government...Copyright (C) 1998 National Electronics and Computer Technology Center,.National Science and Technology Development Agency,.Ministry of Science Technology and Environment,.Thai Royal Government...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRAN

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.management.agent\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.management.agent\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfr\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.management.jfr\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.management\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.management\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.naming.dns\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.naming.dns\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmi\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.naming.rmi\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.net\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.net\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.sctp\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.sctp\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.security.auth\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.security.auth\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgss\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.security.jgss\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.unsupported\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.unsupported\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.xml.dom\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.xml.dom\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.zipfs\COPYRIGHT

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):35
                                                                                                                              Entropy (8bit):4.125871146123145
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXm73yn:clPETT
                                                                                                                              MD5:4586C3797F538D41B7B2E30E8AFEBBC9
                                                                                                                              SHA1:3419EBAC878FA53A9F0FF1617045DDAAFB43DCE0
                                                                                                                              SHA-256:7AFB3A2DC57CB16223DDDC970E0B464311E5311484C793ABF9327A19EF629018
                                                                                                                              SHA-512:F2C722AE80D2C0DCDB30A6993864EB90B85BE5311261012D4585C6595579582D1B37323613F5417D189ADCD096FA948E0378C1E6C59761BF94D65C0A5C2F2FD3
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\COPYRIGHT..

                                                                                                                              C:\Program Files\WasabiWallet\jre\legal\jdk.zipfs\LICENSE

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):33
                                                                                                                              Entropy (8bit):3.9801694078807643
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:cD5PETXpZgov:clPET53v
                                                                                                                              MD5:16989BAB922811E28B64AC30449A5D05
                                                                                                                              SHA1:51AB20E8C19EE570BF6C496EC7346B7CF17BD04A
                                                                                                                              SHA-256:86E0516B888276A492B19F9A84F5A866ED36925FAE1510B3A94A0B6213E69192
                                                                                                                              SHA-512:86571F127A6755A7339A9ED06E458C8DC5898E528DE89E369A13C183711831AF0646474986BAE6573BC5155058D5F38348D6BFDEB3FD9318E98E0BF7916E6608
                                                                                                                              Malicious:false
                                                                                                                              Preview:Please see ..\java.base\LICENSE..

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\classlist

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):41417
                                                                                                                              Entropy (8bit):4.765277079141744
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:ZdwV+UtcGl64YWdfWtels+a3HOJIWXgBTmZ9feHddnPIu8k+FKoRCjgBmH7q8xT2:0tcGl64LdfWtels+a3HOJIWXgq9fQ9IB
                                                                                                                              MD5:AE268AC68B591DEC083EF005D8C8925C
                                                                                                                              SHA1:738B38B386E0766F86184FAB87E4955C3F4FE626
                                                                                                                              SHA-256:D97054221AC5DC26B5EC07C3054BF86AA1E736288661D7B147F2B6C8EC33EF47
                                                                                                                              SHA-512:B2006554D3260B0D8C106FADBF0C35018456E82316534D5C89AD832747202C9E178717936B2B4EDB9EC36E1794C2BAF442DC0BCDD3409FBC05DC79056D489F00
                                                                                                                              Malicious:false
                                                                                                                              Preview:java/lang/Object.java/lang/String.java/io/Serializable.java/lang/Comparable.java/lang/CharSequence.java/lang/constant/Constable.java/lang/constant/ConstantDesc.java/lang/Class.java/lang/reflect/GenericDeclaration.java/lang/reflect/AnnotatedElement.java/lang/reflect/Type.java/lang/invoke/TypeDescriptor$OfField.java/lang/invoke/TypeDescriptor.java/lang/Cloneable.java/lang/ClassLoader.java/lang/System.java/lang/Throwable.java/lang/Error.java/lang/ThreadDeath.java/lang/Exception.java/lang/RuntimeException.java/lang/SecurityManager.java/security/ProtectionDomain.java/security/AccessControlContext.java/security/AccessController.java/security/SecureClassLoader.java/lang/ClassNotFoundException.java/lang/ReflectiveOperationException.java/lang/NoClassDefFoundError.java/lang/LinkageError.java/lang/ClassCastException.java/lang/ArrayStoreException.java/lang/VirtualMachineError.java/lang/OutOfMemoryError.java/lang/StackOverflowError.java/lang/IllegalMonitorStateException.java/lang/ref/Reference.java

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\fontconfig.bfc

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:raw G3 (Group 3) FAX
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3796
                                                                                                                              Entropy (8bit):4.427107131200534
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:SwwqDKR733QBw3wmsyvaJBl7BWBBTirNanqaZ3ZeRjY:Sww780QvfuBTia40
                                                                                                                              MD5:0E5EC0EA2AF566C4F8FA91BD079C5C22
                                                                                                                              SHA1:D946569150A21CCEAF4EB7BBD840215279500D17
                                                                                                                              SHA-256:ADE30478CDD7B9FD36594CA316FCBB24EB1130D769FE3D1DB7BA7CA3F3FF4DF0
                                                                                                                              SHA-512:ED17C0C2848E64CBD86A4F3E26385B1C378FF19357DB1FAE9CF9C7960C8B80A294442E1358882787EB5455CB3CB05B62A40FA3E0F711DF83C6DE38C7C4B51109
                                                                                                                              Malicious:false
                                                                                                                              Preview:...&.........<.a.s.........(.j...........;.<.:.=.0.7./.1.5...6.2.>.9.-.3.8.4............................................................................................................................................................................... .!."........... .!."........................................................... ... .................D.@.I.E.A.J.G.B.F.H.?.C...........................................................................................!.".#.$.%.&.'.(.).*.+.+.+.+.+.].\.Q.R.K.^.Z.g._.U.S.[.L.V.O.`.b.c.f.T.M.i.W.h.P.N.a.d.X.Y.e.j.q...n.x.....{...o.z.l.t.r.....v...s...y.k.}.....p.|...m.u...w...~...........................................................................................................................................................$.......#............... .................#.(.-.2.7.<.A.F.K.P.U.[.a.g.m.s.y...........................................................&.-.?.G.Q.`.m...............................&.0.<.F.Q.].g.r.|........................

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\fontconfig.properties.src

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10582
                                                                                                                              Entropy (8bit):5.1881642858476855
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:E+e6a1nsNi8bTeOiO/Ywca9nB2RwhC3fB+GuoGj:ElnHIR9B2Rwh66j
                                                                                                                              MD5:7C7D0395F1C249F4A2E7ADB3807CC5E8
                                                                                                                              SHA1:6620A9C19C1CA2E213FBC042DF5CF2DF4EF9A199
                                                                                                                              SHA-256:E8E0EFACABE344560561461899D5DDC75C4EC05C87DA9A5F82CA91F22EB554DE
                                                                                                                              SHA-512:34C175DF28C54A4A9845C8A0F90D2711D184B23A76DBBBAF86D74D99AE6CF99509A0B50B9ACAF27F1AB1FFBAC90ED61486DB0148E2ECBBB6A0B7832D8DB4A5E3
                                                                                                                              Malicious:false
                                                                                                                              Preview:#.# .# Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..# Version..version=1..# Component Font Mappings..allfonts.chinese-ms936=SimSun.allfonts.chinese-ms936-extb=SimSun-ExtB.allfonts.chinese-gb18030=SimSun-18030.allfonts.chinese-gb18030-extb=SimSun-ExtB.allfonts.chinese-hkscs=MingLiU_HKSCS.allfonts.chinese-ms950-extb=MingLiU-ExtB.allfonts.devanagari=Mangal.allfonts.kannada=Tunga.allfonts.dingbats=Wingdings.allfonts.symbol=Symbol.allfonts.symbols=Segoe UI Symbol.allfonts.thai=DokChampa.allfonts.georgian=Sylfaen..serif.plain.alphabetic=Times New Roman.serif.plain.chinese-ms950=MingLiU.serif.plain.chinese-ms950-extb=MingLiU-ExtB.serif.plain.hebrew=David.serif.plain.japanese=MS Mincho.serif.plain.korean=Batang..serif.bold.alphabetic=Times New Roman Bold.serif.bold.chinese-ms950=PMingLiU.serif.bold.chinese-ms950-extb=PMingLiU-ExtB.serif.bold.hebrew=Davi

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\jawt.lib

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:current ar archive
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1682
                                                                                                                              Entropy (8bit):4.41350066424323
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:aruyRbNfjuyfGcb5/GvDKpG+yAOWuyRb5/hQKN8yR+/jrEOK9/b5/co4:azVX5+vDK9yAOS5JQK2brEOKR50o4
                                                                                                                              MD5:B524A4DD986B692073D8A297BFD03989
                                                                                                                              SHA1:ECAC96992A683DAD5AD51BAD03D87F9EFF1174C5
                                                                                                                              SHA-256:F6B9262592F1898DDC821F54F87820D9AFD8947CC3E65247AE60D5E58BB8E6BE
                                                                                                                              SHA-512:D0FF8A70441ED51C41A7FA8BE5E52160BF26BABBE44B7EA048E43D3A483830E111D569DF2F6DFE7C40173ECEE8031F543921CF6BE4B3298F8C635F985C353BCF
                                                                                                                              Malicious:false
                                                                                                                              Preview:!<arch>./ -1 0 126 `....................,...,__IMPORT_DESCRIPTOR_jawt.__NULL_IMPORT_DESCRIPTOR..jawt_NULL_THUNK_DATA.JAWT_GetAWT.__imp_JAWT_GetAWT./ -1 0 136 `.................,.................JAWT_GetAWT.__IMPORT_DESCRIPTOR_jawt.__NULL_IMPORT_DESCRIPTOR.__imp_JAWT_GetAWT..jawt_NULL_THUNK_DATA.jawt.dll/ -1 0 482 `.d....................debug$S........>...................@..B.idata$2............................@.0..idata$6............................@. ..............jawt.dll'....................d.Microsoft (R) LINK..................................................jawt.dll..@comp.id.d...........................idata$2@.......h..idata$6...........idata$4@.......h..idata$5@.......h.......................6.............L...__IMPORT_DESCRIPTOR_jawt.__NULL_IMPORT_DESCRIPTOR..jawt_NULL_THUNK_DATA.jawt.dll/ -1 0 247 `.d.......

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\jfr\default.jfc

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28789
                                                                                                                              Entropy (8bit):4.597463642477449
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:/vmjn+DUXDz6NKKq9fFQ0hG6lPBhRt0ng3Ca66L3gq:/vmjn+DUXPF19fdG6l5zaahgq
                                                                                                                              MD5:A3D8403CC2F4D31CC1A25ED5A66B833D
                                                                                                                              SHA1:4BA88071CE5FCC3B8E783318D6127D9D05E19EE3
                                                                                                                              SHA-256:1DFD018F83DE497C5BDA1378DBC9935BA9EAF7710CB959CBEE8FF50ED75C49F2
                                                                                                                              SHA-512:37E71542DB5B369B62FD4C8FF23692B03E63182C4559A44E01ACAE416B36193C3857380288555526B6D543D7A7D3460CFC054C77188BF487B72B670845B507CC
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.. . Recommended way to edit .jfc files is to use Java Mission Control,. see Window -> Flight Recorder Template Manager..-->..<configuration version="2.0" label="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.. <event name="jdk.ThreadAllocationStatistics">. <setting name="enabled">true</setting>. <setting name="period">everyChunk</setting>. </event>.. <event name="jdk.ClassLoadingStatistics">. <setting name="enabled">true</setting>. <setting name="period">1000 ms</setting>. </event>.. <event name="jdk.ClassLoaderStatistics">. <setting name="enabled">true</setting>. <setting name="period">everyChunk</setting>. </event>.. <event name="jdk.JavaThreadStatistics">. <setting name="enabled">true</setting>. <setting name="period">1000 ms</setting>. </event>.. <event name

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\jfr\profile.jfc

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):28743
                                                                                                                              Entropy (8bit):4.595087549433505
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:/9mAI3LHXYjIKKpcYFQ0N+0SPOdhJt0ng3Ca66L9Hq:/9mAI3LHXClscYJ+0Sy3aaXHq
                                                                                                                              MD5:F69245614FB3BD1EFB8837F1560049FC
                                                                                                                              SHA1:C74E01CE052291872205C28CE9F32AAC6A41AC9F
                                                                                                                              SHA-256:B4D394757633C8C2BEC21B1603835B65D52F8FFEE287203052B8BBDA702EA3D4
                                                                                                                              SHA-512:5BB34666E7B21994B3C01568F9C17DEB2DB9AFDB3AB9B81810920350BCDFAF1466AC61DDBB7D78D040D994DD1E438C663BBA8E1E003C2A477B200B0576BF0178
                                                                                                                              Malicious:false
                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.. . Recommended way to edit .jfc files is to use Java Mission Control,. see Window -> Flight Recorder Template Manager..-->..<configuration version="2.0" label="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.. <event name="jdk.ThreadAllocationStatistics">. <setting name="enabled">true</setting>. <setting name="period">everyChunk</setting>. </event>.. <event name="jdk.ClassLoadingStatistics">. <setting name="enabled">true</setting>. <setting name="period">1000 ms</setting>. </event>.. <event name="jdk.ClassLoaderStatistics">. <setting name="enabled">true</setting>. <setting name="period">everyChunk</setting>. </event>.. <event name="jdk.JavaThreadStatistics">. <setting name="enabled">true</setting>. <setting name="period">1000 ms</setting>. </event>.. <event name="jdk.ThreadStart">. <setting name="

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\jrt-fs.jar

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):106196
                                                                                                                              Entropy (8bit):7.924187090891007
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:voB0atUSaZOwGVLlEztv7+3F9T2mGKDUtJgd0vgO6/Woj9hIceZ+tPp:gB0W0Otl1rLGc/d0vg/uoj9hi+tPp
                                                                                                                              MD5:EDAFFA9096561F1792CE56DCC828543C
                                                                                                                              SHA1:CBFCB1ED47900CF151720DCCA79B33C26DCFCD9D
                                                                                                                              SHA-256:0F78A4F9F8FB1B399186A201CD57B405059E825B1B370143447ECB6137B3FC97
                                                                                                                              SHA-512:24DE93C0F4CB66ECA420252FAAB3C1DE3CBE41CA7FF125E570E6A7347EBA929A5EA1B4C37BCA3A8C625A2CAA6EA9734A8DF4F34E1A8316BA495E57ED8210E809
                                                                                                                              Malicious:false
                                                                                                                              Preview:PK...........N................META-INF/......PK..............PK...........N................META-INF/MANIFEST.MFu....P.D.@.aK-...t.,".A.~I6.p_l..o....v..=:.h..B2.w..y.&.@....Yvf5T..'...^,...>....q.W..R.A.3.....y..`...}.:eK.u..w.(..y..?...Z...ls..%,bf.&ir.PK..W.0!....4...PK...........N............,...jdk/internal/jimage/BasicImageReader$1.class.SmO.A.~...'.X..Q+.....J.....X...m.k.r..._i.H....G.g.M.-1M.dg.ff.yfw...?...E.9......&....#.E.L8.2)0m`.....!w....D0.l..1w}.jn9....0.:.P4ZVU|d.X.J.k.K..-.xJ{...JE.......?.....<...P...3.....RJ..>."A.T.z.J..Pq..#^..........WEX..>2a..F..66.A...(...S../&w.,k..IH..t'4=..P..w7....5Q].b....J...Y......nl....D..Jy~..i...AP5.....X.p...CZ.xj`..3<7.`a.K..-.`..u.`..........."C..p..Q....h7.>.0n.....m.....m.3\...O..J...{..Gc/>'...u.f5.u..W...z5c.......$M.udl[..@z....F...a..!k.}..;S.`..)...Sd.o.~%......l`.y.Vj.1.k......K..1.N....s..a......6..&..Nh7[h.i..w.p.ss;....,n.Y.q'..z'p.. =....7PK..CN.pX.......PK...........N............,...jdk/

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\jvm.cfg

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):29
                                                                                                                              Entropy (8bit):4.185230132909402
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3:ryMpy7IKnv:Rct
                                                                                                                              MD5:7CE21BDCFA333C231D74A77394206302
                                                                                                                              SHA1:C5A940D2DEE8E7BFC01A87D585DDCA420D37E226
                                                                                                                              SHA-256:AA9EFB969444C1484E29ADECAB55A122458090616E766B2F1230EF05BC3867E0
                                                                                                                              SHA-512:8B37A1A5600E0A4E5832021C4DB50569E33F1DDC8AC4FC2F38D5439272B955B0E3028EA10DEC0743B197AA0DEF32D9E185066D2BAC451F81B99539D34006074B
                                                                                                                              Malicious:false
                                                                                                                              Preview:-server KNOWN.-client IGNORE.

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\jvm.lib

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:current ar archive
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):974702
                                                                                                                              Entropy (8bit):5.37616568265688
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:VghTQD7jbdvls15JeJDO0ax6OOOgcQBOJczY02eEOVHmYTqI19bH:VaT8bhls15eD2xPDgcQYJciCOIb
                                                                                                                              MD5:BCCF272C1663C7866C85C1837DEDDD66
                                                                                                                              SHA1:F2259EB6284F2AB0FDE909EA685A861C76329E8F
                                                                                                                              SHA-256:3241F8BA95EC55A9D729FDAC36C785B981AA4E5983FCA572F078E20E3FF05F5C
                                                                                                                              SHA-512:ADED4FA228CFD3AA3686043E45E7C6B2FD3E2E0E2D46324FF5CBD7BA64B3ED4CC2F8242475BED1D2D53084C29672CF9745F99C347D64F5AB2C12677C7A80DB21
                                                                                                                              Malicious:false
                                                                                                                              Preview:!<arch>./ -1 0 268109 `......./`..1z..2...3...3...4...4...5^..5^..5...5...6r..6r..6...6...7...7...8...8...8...8...9...9...9...9...:...:...:...:...;0..;0..;...;...<D..<D..<...<...=H..=H..?...?...@L..@L..=...=...>D..>D..>...>...?T..?T..@...@...AR..AR..A...A...Bf..Bf..B...B...C...C...D...D...D...D...E...E...E...E...F"..F"..F...F...G:..G:..G...G...H^..H^..H...H...I|..I|..J...J...J...J...K...K...N...N...ON..ON..O...O...Pv..Pv..Q...Q...K...K...L...L...L...L...M"..M"..M...M...N4..N4..Q...Q...R&..R&..R...R...S2..S2..S...S...TJ..TJ..T...T...UX..UX..U...U...Vd..Vd..V...V...Wt..Wt..W...W...X...X...Z...Z...Y...Y...Y...Y...Z(..Z(..[...[...[...[...\...\...]...]...]...]...^Z..^Z..`f..`f..^...^..._X.._X.._..._...`...`...a^..a^..a...a...bX..bX..b...b...cP..cP..c...c...dH..dH..d...d...ep..ep..h...h...f ..f ..f...f...gv..gv..h"..h"..ij..ij..j$..j$..m...m...n...n...qx..qx..r...r...u...u...wl..wl..z<..z<..|...|...|...|...}Z..}Z..}...}...~^..~^..~...~....r...r....

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\modules

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Java module image (little endian), version 1.0
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):39178712
                                                                                                                              Entropy (8bit):7.980995389525067
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:786432:U+S/hltWUpXv1gam7rIgsOGF2c5sQteq2BjeMv1mI6usWJgbpJan/:U+usUpdDm7rIgXzqIeMs66b8
                                                                                                                              MD5:CC58540DFC1F28516243E490417A1998
                                                                                                                              SHA1:148F945CAA64167D495FC43E7C66BB3906649C91
                                                                                                                              SHA-256:807A36AD349105DF1409EBC0D275EDE637A752583B6E03A76792EEA3C50F138B
                                                                                                                              SHA-512:99849D2BA0F26075618B32AF211CEBDC38A1C011371A82B7D43B216B86623430613487B6D3D5FA5863B1ECBFC1CEDEDE16153637F1A33D84A8FEB1B10EB8F51A
                                                                                                                              Malicious:false
                                                                                                                              Preview:.............a...a..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................}...........{.......y...v.......u...s...........r.......k...............................i...................f...d...c.......a...`.......R.......K...H...G...............C...........B...?...=.......<.......................8.......................7...6...*.......&.......%......................."................... ...........................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\psfont.properties.ja

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2796
                                                                                                                              Entropy (8bit):5.182793663606788
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:R8s89HoIbTUjbyuJdI2FylXLr96cpcnnI0adbEk+IqdouZ:y56CiPFylXLrMGyJU+B
                                                                                                                              MD5:7C5514B805B4A954BC55D67B44330C69
                                                                                                                              SHA1:56ED1C661EEEDE17B4FAE8C9DE7B5EDBAD387ABC
                                                                                                                              SHA-256:0C790DE696536165913685785EA8CBE1AC64ACF09E2C8D92D802083A6DA09393
                                                                                                                              SHA-512:CCD4CB61C95DEFDCBA6A6A3F898C29A64CD5831A8AB50E0AFAC32ADB6A9E0C4A4BA37EB6DEE147830DA33AE0B2067473132C0B91A21D546A6528F42267A2C40E
                                                                                                                              Malicious:false
                                                                                                                              Preview:#.#.# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.#.Japanese PostScript printer property file.#.font.num=16.#.serif=serif.timesroman=serif.sansserif=sansserif.helvetica=sansserif.monospaced=monospaced.courier=monospaced.dialog=sansserif.dialoginput=monospaced.#.serif.latin1.plain=Times-Roman.serif.latin1.italic=Times-Italic.serif.latin1.bolditalic=Times-BoldItalic.serif.latin1.bold=Times-Bold.#.sansserif.latin1.plain=Helvetica.sansserif.latin1.italic=Helvetica-Oblique.sansserif.latin1.bolditalic=Helvetica-BoldOblique.sansserif.latin1.bold=Helvetica-Bold.#.monospaced.latin1.plain=Courier.monospaced.latin1.italic=Courier-Oblique.monospaced.latin1.bolditalic=Courier-BoldOblique.monospaced.latin1.bold=Courier-Bold.#.serif.x11jis0208.plain=Ryumin-Light-H.serif.x11jis0208.italic=Ryumin-Light-H.serif.x11jis0208.bolditalic=Ryumin-Light-H.serif.x11jis

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\psfontj2d.properties

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):10393
                                                                                                                              Entropy (8bit):4.970762688893053
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:hPwn+Cyub3Ee4OECKDIcYOhAgZ50OKDQLT2IcpRuWRbHr9NRXUh/QTv9Ho39zPxq:5xzubEFOEscAW5VKsCfHz8RPxGt
                                                                                                                              MD5:F8734590A1AEC97F6B22F08D1AD1B4BB
                                                                                                                              SHA1:AA327A22A49967F4D74AFEEE6726F505F209692F
                                                                                                                              SHA-256:7D51936FA3FD5812AE51F9F5657E0E70487DCA810B985607B6C5D6603F5E6C98
                                                                                                                              SHA-512:72E62DC63DAA2591B48B2B774E2479B8861D159061B92FD3A0A06256295DA4D8B20DAFA77983FDBF6179F666F9FF6B3275F7A5BCF9555E638595230B9A42B177
                                                                                                                              Malicious:false
                                                                                                                              Preview:#.#.# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved..# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms..#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#.#..#.#.PostScript printer property file for Java 2D printing..#.# WARNING: This is an internal implementation file, not a public file..# Any customisation or reliance on the existence of this file and its.# contents or syntax is discouraged and unsupported..# It may be incompatibly changed or removed without any notice..#.#.font.num=35.#.# Legacy logical font family names and logical font aliases should all.# map to the primary logical font names..#.serif=serif.times=serif.timesroman=serif.sansserif=sansserif.helvetica=sansserif.dialog=sansserif.dialoginput=monospaced.monospaced=monospaced.courier=monospaced.#.# Next, physical fonts which can be safely mapped to standard postscript fonts.# These keys generally map to a value which is the same as the key, so.# the key/value is just a way to say the font has

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\security\blacklisted.certs

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1273
                                                                                                                              Entropy (8bit):4.167014768533289
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
                                                                                                                              MD5:BBEBCF13680E71EC2EE562524DA02660
                                                                                                                              SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
                                                                                                                              SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
                                                                                                                              SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
                                                                                                                              Malicious:false
                                                                                                                              Preview:Algorithm=SHA-256..14E6D2764A4B06701C6CBC376A253775F79C782FBCB6C0EE6F99DE4BA1024ADD..31C8FD37DB9B56E708B03D1F01848B068C6DA66F36FB5D82C008C6040FA3E133..3946901F46B0071E90D78279E82FABABCA177231A704BE72C5B0E8918566EA66..450F1B421BB05C8609854884559C323319619E8B06B001EA2DCBB74A23AA3BE2..4CBBF8256BC9888A8007B2F386940A2E394378B0D903CBB3863C5A6394B889CE..4FEE0163686ECBD65DB968E7494F55D84B25486D438E9DE558D629D28CD4D176..5E83124D68D24E8E177E306DF643D5EA99C5A94D6FC34B072F7544A1CABB7C7B..76A45A496031E4DD2D7ED23E8F6FF97DBDEA980BAAC8B0BA94D7EDB551348645..8A1BD21661C60015065212CC98B1ABB50DFD14C872A208E66BAE890F25C448AF..9ED8F9B0E8E42A1656B8E1DD18F42BA42DC06FE52686173BA2FC70E756F207DC..A686FEE577C88AB664D0787ECDFFF035F4806F3DE418DC9E4D516324FFF02083..B8686723E415534BC0DBD16326F9486F85B0B0799BF6639334E61DAAE67F36CD..D24566BF315F4E597D6E381C87119FB4198F5E9E2607F5F4AB362EF7E2E7672F..D3A936E1A7775A45217C8296A1F22AC5631DCDEC45594099E78EEEBBEDCBA967..DF21016B00FC54F9FE3BC8B039911BB216E9162FAD2FD14D990AB96E9

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\security\cacerts

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Java KeyStore
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):103689
                                                                                                                              Entropy (8bit):7.599204528109174
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:j1asbexfOVsSF0t5ysHoXb8HPdntk6ulyjpV++ajp:jLbhB0t5yWc8vdnt6lyjpQ9
                                                                                                                              MD5:A3AB832BA96C9E62126D65C47FD5361E
                                                                                                                              SHA1:FE4D11BAC5DBD5EFCA64453BF8ADC386B954A9DF
                                                                                                                              SHA-256:408B5156B6F2D339F8506F77F72B97B887C993E915460D3FF2159F37297A982C
                                                                                                                              SHA-512:0D0D471600CEA7949FC87C81B8A9BFEBE7E0563A5EBA9FDB00B766A4D0EFD1EFF9B0236AA1EBF92A0B2C57A1CEAC8FCE360709F614BC4EC68A30AD4193346E0F
                                                                                                                              Malicious:false
                                                                                                                              Preview:...........]......verisignclass2g2ca [jdk]...c......X.509....0...0..l..../`...zF..[pl..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 2 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network0...980518000000Z..280801235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 2 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network0..0...*.H............0.........!t,.....<.!.........._R...,.V,..i,......y...9.{...,...,.i......B.#OJ.....1l..o.'....Lx.m.F.....T...F.Z..0..l.-.m..w.....0...*.H............r.....q....^Q.@..h.........f./.....+..$`.MD....-..xior.l...c.7..0..w.I5.......GsjT"4d-...Y[.QY:......g...2d^.Fr'..{.D........digicertassuredidg3 [jdk]...`..w...X.509...J0..F0...........Z....ID..$.l.0...*.H.=...0e1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1$0"..

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\security\default.policy

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):9841
                                                                                                                              Entropy (8bit):4.6996757684669825
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:96:ybf+/iEsL5edlCzUlriOGlqly96l0dh2IdqKY1au1lgh29:S+KePCzUriOGlGy92wQ9KY1auHgQ9
                                                                                                                              MD5:3F1E2C27662B002B2F22B55FE6F0FF87
                                                                                                                              SHA1:F9D7F52E30E5CD422D2B8A9F4F95655AD1C08720
                                                                                                                              SHA-256:46D6606A69170C8CD2AC3EA2A014E3E68A13E4D6F48EE137C2670B39EC3D0B7F
                                                                                                                              SHA-512:D690B5D13C9E5A914CBF4B1E94A61B531C261D202A5A13D2E39F27C94A1A3F899C31B1752E5CD7FB47E05A2061E0CE05802D30AEFD8D208C8CAAE16CEE859928
                                                                                                                              Malicious:false
                                                                                                                              Preview://.// Permissions required by modules stored in a run-time image and loaded.// by the platform class loader..//.// NOTE that this file is not intended to be modified. If additional.// permissions need to be granted to the modules in this file, it is.// recommended that they be configured in a separate policy file or.// ${java.home}/conf/security/java.policy..//...grant codeBase "jrt:/java.compiler" {. permission java.security.AllPermission;.};...grant codeBase "jrt:/java.net.http" {. permission java.lang.RuntimePermission "accessClassInPackage.sun.net";. permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";. permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";. permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";. permission java.net.SocketPermission "*","connect,resolve";. permission java.net.URLPermission "http:*","*:*";. permission java.net.URLPermission "https:*","*:*";. permission ja

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\security\public_suffix_list.dat

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):236868
                                                                                                                              Entropy (8bit):5.056083989309755
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:U9H9Qan4rxolgMPWBW7gdZ9lK0EhCDBzmgOJAbhst6YviUORcZ6iQI0mGxz/8xQ9:U9H9Qaz7mZ9ll4Q7C127RdyJ0
                                                                                                                              MD5:63C58208B50553108EDE4FC1A34AB30C
                                                                                                                              SHA1:79FB1127FAB72522DED2579990F19665E83230EC
                                                                                                                              SHA-256:084458537185933F3BE22B25F6D2950AA086A7D990E68E4A004BFA1D09B34C41
                                                                                                                              SHA-512:9D917FC8267B5BBC66E70D9D30684AD496F482C4F8087D4A323DD508A1C70B5A9BE7CFF1E32C67DAFDFF3BBF60D2AE5E1D140755F670BD9C9207BB156447A721
                                                                                                                              Malicious:false
                                                                                                                              Preview:PK..........!.................aaaUT.......cHLL....PK..|Yd.........PK..........!.................aarpUT.......cHL,*....PK..h.*:........PK..........!.................abarthUT.......cHLJ,*.....PK....9Q........PK..........!.................abbUT.......cHLJ....PK...H..........PK..........!.................abbottUT.......cHLJ./)....PK.....Z........PK..........!.................abbvieUT.......cHLJ*.L....PK..ht..........PK..........!.................abcUT.......cHLJ....PK..."U.........PK..........!.................ableUT.......cHL.I....PK.............PK..........!.................abogadoUT.......cHL.OOL.....PK..^|.T........PK..........!.................abudhabiUT.......cHL*M.HL.....PK..<...........PK..........!.................acUT.......cHL..bH....3RSJ!...2.#/......0.....PK....2S%...;...PK..........!.................academyUT.......cHLNLI...b.OK.L.L.....PK...k;.........PK..........!.................accentureUT.......cHLNN.+)-J....PK.............PK..........!.................accountantUT

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\server\Xusage.txt

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1322
                                                                                                                              Entropy (8bit):4.207782501602353
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:N3ZYKm8fuW6pstdXIkA2SsGFhD+GbpGCOhLRr3n:mOLUs3YtsGFV+GbpGCOTr
                                                                                                                              MD5:3D780DD3BF8219E52483ED6AC3A17A50
                                                                                                                              SHA1:E4DFF259D66551CF1BF80C26DEE51D241E998855
                                                                                                                              SHA-256:3EDC3CDD94EBC53F45786C57777ED338C27B0BC89145F6F0FBE21D176F4CD9E8
                                                                                                                              SHA-512:5A85EA3A5A6C5341967DDFCAB2C29D2485910B27C61953856C14FCBD6CEC6019D9FD7A3FACF5374EDE71189E88563ED719DAD66EC3F64DEB679FFF8B142649E7
                                                                                                                              Malicious:false
                                                                                                                              Preview: -Xmixed mixed mode execution (default). -Xint interpreted mode execution only. -Xbootclasspath:<directories and zip/jar files separated by ;>. set search path for bootstrap classes and resources. -Xbootclasspath/a:<directories and zip/jar files separated by ;>. append to end of bootstrap class path. -Xbootclasspath/p:<directories and zip/jar files separated by ;>. prepend in front of bootstrap class path. -Xnoclassgc disable class garbage collection. -Xlog:<opts> control JVM logging, use -Xlog:help for details. -Xbatch disable background compilation. -Xms<size> set initial Java heap size. -Xmx<size> set maximum Java heap size. -Xss<size> set java thread stack size. -Xfuture enable strictest checks, anticipating future default. -Xrs reduce use of OS signals by Java/VM (see documentation). -Xcheck:j

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\tzdb.dat

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):105734
                                                                                                                              Entropy (8bit):7.120913230452644
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:70UbidI/NSrCULrZ1i6xp60lnLzCGzVS/////lmtTSMNGxPj39aU4Sbr:7rEI/NSrRrS0lnfCGRJTSdZsc
                                                                                                                              MD5:D3202C3D60CA43FD090D5F5159E300A3
                                                                                                                              SHA1:0470042EA7BAA1E0B833CF6476AC93991639A100
                                                                                                                              SHA-256:892F7E8E61AE28FCEF0D5B6CB4EAA7513B7998992D59E005F87674CC28B7F448
                                                                                                                              SHA-512:57AF8527301582C068560B5582F788B649BA9484242C0B5DABEE187C5AA06937E0855FBF8EDA0D75E079E391B34F533DFA4B9F6FC0E5DEDAED823D336404AC5F
                                                                                                                              Malicious:false
                                                                                                                              Preview:...TZDB....2018g.W..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/

                                                                                                                              C:\Program Files\WasabiWallet\jre\lib\tzmappings

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):21963
                                                                                                                              Entropy (8bit):4.975233941413236
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:192:3nqW46ARn1+RQ7wbNKQSXbapvQZglEvCDqvOCnqGit3yzA6bxHOimYXKhxwBl:3nqW46ARnGQqNXKhvQkqZa7l
                                                                                                                              MD5:E3BF8B58083C33E25BB34919E0953E20
                                                                                                                              SHA1:6213CDE9CE45836D520C78B248C16B97FC50AFB2
                                                                                                                              SHA-256:A8C1C6DD37BFEE005AB6D1D589CF92F769C36726566AFC2493326C444B86684F
                                                                                                                              SHA-512:7A7DB2834B5197FAB1D260D7240EEFF1F7FC2FACF05C7A882B455A30BCC761DD312916CEC06A6B64B44C82302283B938B052333D4CAC762E20C464401F331C20
                                                                                                                              Malicious:false
                                                                                                                              Preview:AUS Central Standard Time:AU:Australia/Darwin:..AUS Central Standard Time:001:Australia/Darwin:..AUS Eastern Standard Time:AU:Australia/Sydney:..AUS Eastern Standard Time:001:Australia/Sydney:..Afghanistan Standard Time:AF:Asia/Kabul:..Afghanistan Standard Time:001:Asia/Kabul:..Alaskan Standard Time:US:America/Anchorage:..Alaskan Standard Time:001:America/Anchorage:..Aleutian Standard Time:US:America/Adak:..Aleutian Standard Time:001:America/Adak:..Altai Standard Time:RU:Asia/Barnaul:..Altai Standard Time:001:Asia/Barnaul:..Arab Standard Time:BH:Asia/Bahrain:..Arab Standard Time:KW:Asia/Kuwait:..Arab Standard Time:QA:Asia/Qatar:..Arab Standard Time:SA:Asia/Riyadh:..Arab Standard Time:YE:Asia/Aden:..Arab Standard Time:001:Asia/Riyadh:..Arabian Standard Time:AE:Asia/Dubai:..Arabian Standard Time:OM:Asia/Muscat:..Arabian Standard Time:ZZ:Etc/GMT-4:..Arabian Standard Time:001:Asia/Dubai:..Arabic Standard Time:IQ:Asia/Baghdad:..Arabic Standard Time:001:Asia/Baghdad:..Argentina Standard Time

                                                                                                                              C:\Program Files\WasabiWallet\jre\release

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:ASCII text, with very long lines (723), with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):748
                                                                                                                              Entropy (8bit):4.586290647231176
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:GWNc/62jNVP8bT36OZtQFyJC6Txh0q5BYEj53:GWNMNVP8bT3JqgJzTWC53
                                                                                                                              MD5:6A5075A731A5F56E5489330B3E1AFC15
                                                                                                                              SHA1:EA30F8AC1E6303A86C8799F4E32EC2D0FD35DA2A
                                                                                                                              SHA-256:BE32FFD949F4C3E19956B72B63F1680B9F8566FD5529191DA34311EDDEFA76F7
                                                                                                                              SHA-512:E668D6DE32D7AD6CB1868CBFEE94DB499B47D24C3BCD3A7EEB9A9C6B9C754978C8488DB2DEE4F6F291756F942A50262CA6E250D44999EBA6598EDD0244EE5375
                                                                                                                              Malicious:false
                                                                                                                              Preview:JAVA_VERSION="12.0.1"..MODULES="java.base java.compiler java.datatransfer java.xml java.prefs java.desktop java.instrument java.logging java.management java.security.sasl java.naming java.rmi java.management.rmi java.net.http java.scripting java.security.jgss java.transaction.xa java.sql java.sql.rowset java.xml.crypto java.se java.smartcardio jdk.accessibility jdk.charsets jdk.crypto.ec jdk.crypto.cryptoki jdk.dynalink jdk.httpserver jdk.internal.vm.ci jdk.management jdk.unsupported jdk.internal.vm.compiler jdk.internal.vm.compiler.management jdk.jdwp.agent jdk.jfr jdk.jsobject jdk.localedata jdk.management.agent jdk.management.jfr jdk.naming.dns jdk.naming.rmi jdk.net jdk.sctp jdk.security.auth jdk.security.jgss jdk.xml.dom jdk.zipfs"..

                                                                                                                              C:\Program Files\WasabiWallet\libHarfBuzzSharp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1607088
                                                                                                                              Entropy (8bit):6.655888616147798
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:PBy4VCDmxqVx/1hlcsHI7woyGYdwENWa6m4ys:aQkPNWMs
                                                                                                                              MD5:F121A2AFB03F1B8CA1784E544464A346
                                                                                                                              SHA1:9346297A66989DBE88BC459EE8BF936E7ACB3D24
                                                                                                                              SHA-256:F13D0DAE00A598620A436FD991219A2E0FE6157EAC90FAA025D4D76845CD996C
                                                                                                                              SHA-512:EBBB8C2D7D97521286AF0F6B02195890B193E660A28E6B1E5112ED9F1FCC081C66587A7A82C8A9468D1A55D477880487D1B3EDF1DEB2EA285E17D70FBD56C6F1
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j.t.............]...<...]...!...]......|...!...|..."...|.......]...-............./....../....../....../...Rich....................PE..d...$%.e.........." .....p...........................................................(....`..............................................G...^..(...............P....^...'..............p...........................p...8............................................text....n.......p.................. ..`.rdata...............t..............@..@.data....*...p.......\..............@....pdata..P............r..............@..@_RDATA..0............P..............@..@.rsrc................R..............@..@.reloc...............T..............@..B................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\libSkiaSharp.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):9414064
                                                                                                                              Entropy (8bit):6.501869028292101
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:98304:cjRZLtqNj1xK+Re5fNMVlgpANGuRsUCn+ovoZOXe:oZL8NabV0fGkNee
                                                                                                                              MD5:6B5E769126B4D38601DF662BD08E7163
                                                                                                                              SHA1:C799C7C3B8209468BB4047B4783F691537D717E9
                                                                                                                              SHA-256:3268B1B2DE384D00ED77431FE8A1F053D2C69EEE25D07DCFC352491570D63B52
                                                                                                                              SHA-512:168C4A5981AA6513BACAA459BAC26A3033315A677547EAA01D901B75E46BAEF91C6FD63185629A3A218A643FCACFA86AE36B8A5313E11F3BCD311BF4B0C61C6F
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........." .....bq..........gn......................................`.......9....`...........................................y.....vz.d..............4....~...'......,k..p.y.......................v.(.... v.8............zz..............................text....aq......bq................. ..`.rdata........q......fq.............@..@.data....<...........l..............@....pdata..4...........@..............@..@.00cfg..(...........................@..@.gehcont8...........................@..@.tls....!...........................@....voltbl.>.............................._RDATA..............................@..@.reloc..,k.......l..................@..B........................................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\mscordaccore.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1337248
                                                                                                                              Entropy (8bit):6.36077505792916
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:hP2pT6uMEGw7PYhLcEb2rdI7stWAlhaCZ:u2uMEGw7PpEb2rdIwtplh/Z
                                                                                                                              MD5:36C1C04AC7C237A790DAFA2328C3E5E9
                                                                                                                              SHA1:C613AD3FCA9D22B3FE992FD16492EEB39E409D7F
                                                                                                                              SHA-256:2AAB6374A0A6D7F52DE5B7D8BC600C49B432B6983E7F8CD5780455046B01369B
                                                                                                                              SHA-512:18805C45F1E17D2FEBCDF95291FA14CF98FE103215EB77775B9F485E0DA1494015A83EF22DA4F66C1DBC179E812C089B907619A2C2878F675FEFBEE7CB3CD906
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6A..W/..W/..W/../...W/..W/..W/.%.*..W/.%.+..W/.%.,..W/../+..W/../...W/..W..OW/...&._W/.../..W/.....W/...-..W/.Rich.W/.........PE..d....O.e.........." ...'.b...........................................................1....`A.........................................c..p...pd.......p...............B...%..............p.......................(...P...@............................................text....`.......b.................. ..`.rdata..&............f..............@..@.data................Z..............@....pdata...............h..............@..@_RDATA.......`......................@..@.rsrc........p....... ..............@..@.reloc...............&..............@..B........................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\mscordaccore_amd64_amd64_8.0.324.11423.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1337248
                                                                                                                              Entropy (8bit):6.36077505792916
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:hP2pT6uMEGw7PYhLcEb2rdI7stWAlhaCZ:u2uMEGw7PpEb2rdIwtplh/Z
                                                                                                                              MD5:36C1C04AC7C237A790DAFA2328C3E5E9
                                                                                                                              SHA1:C613AD3FCA9D22B3FE992FD16492EEB39E409D7F
                                                                                                                              SHA-256:2AAB6374A0A6D7F52DE5B7D8BC600C49B432B6983E7F8CD5780455046B01369B
                                                                                                                              SHA-512:18805C45F1E17D2FEBCDF95291FA14CF98FE103215EB77775B9F485E0DA1494015A83EF22DA4F66C1DBC179E812C089B907619A2C2878F675FEFBEE7CB3CD906
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6A..W/..W/..W/../...W/..W/..W/.%.*..W/.%.+..W/.%.,..W/../+..W/../...W/..W..OW/...&._W/.../..W/.....W/...-..W/.Rich.W/.........PE..d....O.e.........." ...'.b...........................................................1....`A.........................................c..p...pd.......p...............B...%..............p.......................(...P...@............................................text....`.......b.................. ..`.rdata..&............f..............@..@.data................Z..............@....pdata...............h..............@..@_RDATA.......`......................@..@.rsrc........p....... ..............@..@.reloc...............&..............@..B........................................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\mscordbi.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1241624
                                                                                                                              Entropy (8bit):6.356146422096278
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:QCCV5dJO5TvDtRTOWI0CLpRtsojOYIxOU:RCV5ihtRTHI0CLpTsojOYIN
                                                                                                                              MD5:917A228BED1CA5F2B62F5D2D6C8BADFB
                                                                                                                              SHA1:4073B180B1F7D40F0F559556F03A5C28513FF225
                                                                                                                              SHA-256:AC34CFF096D2C0D1904A3FF08B5E2DED3E1758CD4CEBDC78350993ACC69076C0
                                                                                                                              SHA-512:3302ED56DF263295DD307496E5AE2A9F2FC0E185CE10C2A209AA8695B4BF9039BD96CDD546F8936E78B6982760A85D39EFAD7EF7CCC327381953DE549D98E0E9
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E..+..+..+......+..+..+......+.../..+...(..+../..+..*..+..*.h.+...(..+..."..+...+..+......+...)..+.Rich.+.........................PE..d....O.e.........." ...'.............0.......................................0............`A............................................`....................P...........&......p...P:..p....................<..(....9..@............ ...............................text............................... ..`.rdata..h.... ......................@..@.data........0......................@....pdata.......P......................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\mscorlib.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):59552
                                                                                                                              Entropy (8bit):5.641054125182006
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:1t51EDMpCUoqFY66Gw17oqZn/TEHmyrchswz6EEZcYf5o4ba2yGlG1QeY48lCi7U:1tFcC3ZcYf5o4bZyGc1A4c7+IinzhXX
                                                                                                                              MD5:C4F97DE997F823608B296215668F3ECF
                                                                                                                              SHA1:A09CED5B9905CECFEB24810682A45E448963A852
                                                                                                                              SHA-256:553470EA242D3293591143E16FDD6F1B1C826581B078F3720AEBEC216C255D25
                                                                                                                              SHA-512:E6E37C82548157C9716286C27C150B2796AF0A79616E22C2F358D30949EEEBFBDCA6F038087D88CD85AB0DD6BC18EF1A5C1D1FEDDA71E25DEE0C137A4AFF1FBE
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y............" ..0.................. ........... ....................... ............`.................................q...O.......$................(..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...$...........................@..@.reloc..............................@..B........................H.......P ..................... .......................................BSJB............v4.0.30319......l...$O..#~...O..(b..#Strings............#US.........#GUID..........#Blob......................3................................e.....b/........L%.O...).O....RO..EP.......+..:.:4..J$:4...&S0...+.O...%.O...(:4...&:4...":4....:4....:4..U&:4....:4.................N.....N.....N..)..N..1..N..9..N..A..N..Q..N .Y..N..a..N..i..N..q..N..y..N.....N.....N......R.....[.....z...#.....+.

                                                                                                                              C:\Program Files\WasabiWallet\mscorrc.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):136880
                                                                                                                              Entropy (8bit):3.898765781308136
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:cIoM91YWvh7xR+l5dZU49N9SqignwJ5cvBMgSIctpoECydyzli:cIoUal5dZU4dSqHns2SpSkU8
                                                                                                                              MD5:FD9E5A51264B57FF7DB3011C1E77853D
                                                                                                                              SHA1:5C3BC236F2E51A53779281C9E511C94F94446BEE
                                                                                                                              SHA-256:F409BBDC800BD03EEB53097B2461CF8A96EEBBD2CF1168E4D61C29298B02D8F3
                                                                                                                              SHA-512:D288F37E5145D68871088696EA3E28B0AD14AE092868BF868E91626C3EF61DDE640B70BDB487A6371B564BE3C02740716F48E175F8FA805608166F401C652659
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]=..<S..<S..<S....<S..Q..<S.Rich.<S.PE..d....O.e.........." ...'............................................................b.....`.......................................................... ...................(..............T............................................................................rdata..X...........................@..@.rsrc........ ......................@..@.....O.e........j...l...l........O.e.........................O.e........l...................................RSDS.....k5F..@..S.d....D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\dlls\mscorrc\mscorrc.pdb...............................T....rdata..T........rdata$voltmd...l........rdata$zzzdbg.... ..P....rsrc$01....P:.......rsrc$02....................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\msquic.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):488480
                                                                                                                              Entropy (8bit):6.299792964597191
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:qM8L62rUZ3V4QMs3R4FPINTEB3KFKFBUbwiTtWvtIH2BxVEyQE8ZCgsoLG8rvkE:qMa6BZ3VvR9k3ipbwihWv2H2+np
                                                                                                                              MD5:8904BB8725D5B0C55616935F6C88867B
                                                                                                                              SHA1:0BC6A7B193A94445BC6282C7BA1AD1E75F1713FF
                                                                                                                              SHA-256:815CACE3B79BB313909AC8B2DA1A63E747AC3A2C426ECF92FD2A77454D225A9F
                                                                                                                              SHA-512:8765971BE2386277F1D8F09362CCD4DBBB7E87C14687F30F0436ABF174DD9124B764397CB0B06B54A20B200FA20EA09486392B3AC0412495E48D945F39FCCEBD
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........d.............h.......h.......h................................d..........................................Rich............................PE..d.....e.........." ...#............`I....................................................`A............................................h.......@....`...1.......9...L.. (..............T...........................p...@...............P............................text............................... ..`.rdata...'.......(..................@..@.data...............................@....pdata...9.......:..................@..@_RDATA.......P......................@..@.rsrc....1...`...2..................@..@.reloc...............J..............@..B........................................................................................................................................................................................

                                                                                                                              C:\Program Files\WasabiWallet\netstandard.dll

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):101128
                                                                                                                              Entropy (8bit):5.502223641479386
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:lYsYXj0p2NYq5V4bgDHsPdIpuSE5L3Ukcz9wI8wr9ixC4dezJY:OMkYe4bgDUAxCIprIIO
                                                                                                                              MD5:9127980369012450E1B78BF84FCE11F2
                                                                                                                              SHA1:E96C8AA968DCF436154B1B420BBF1B038687A290
                                                                                                                              SHA-256:58A4CB7CE9D82769C985E8A50F5C379FED8CCA7B965E9E4EBE6C91337E4D48B4
                                                                                                                              SHA-512:E6A618AA01A6A217BDB38227817F7AABE9C3144CAB02011E3F0EA14DC2A5DE0FC6311F44857B761D1F7F169F7456D20983F78AE704161C09138213B875DC3148
                                                                                                                              Malicious:true
                                                                                                                              Yara Hits:
                                                                                                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\WasabiWallet\netstandard.dll, Author: Joe Security
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..X...........v... ........... ..............................T.....`.................................?v..O.......4............b...)..........hu..T............................................ ............... ..H............text....V... ...X.................. ..`.rsrc...4............Z..............@..@.reloc...............`..............@..B................sv......H.......P ...T...................t......................................BSJB............v4.0.30319......l...`...#~..... ...#Strings.....Q......#US..Q......#GUID....R......#Blob......................3............................P...,......H.........5....:....'...m......,.@..5#.T..P4.T...7.J...B....i5....u:.T..n7.T..&1.T.....T.../.T..(7.T...(.T.............................)....1....9....A....Q.. .Y....a....i....q....y..........................................

                                                                                                                              C:\Program Files\WasabiWallet\wassabee.exe

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):266752
                                                                                                                              Entropy (8bit):5.968802251095274
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6144:LiS4ompB9S3BZi0a1G78IVjcQctGvMeQVCbHAm:LyB0aI78IVbE0
                                                                                                                              MD5:3D2774B383648DEAA4BFE4638CE766A2
                                                                                                                              SHA1:B0604B1BF776DEEEBEFE80D41E294181619A4020
                                                                                                                              SHA-256:51FD5692565D4108EB6AE859B727686EF3EA6CAD1B3D5B8509E55E642E1424AE
                                                                                                                              SHA-512:DDE12C3275E967FB3B92511684D682118A62FD176EB26AAD77B92C8B369C8364F4BB3C5E763CC0D6BF450D9F8CFB9FA30B5BD377921C6B44FDE0420BE8E16929
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................HY.....HY.....HY......i..............C...Z.....Z.....Rich....................PE..d......e.........."....'.j..........`..........@.............................p............`.................................................$................@...............p......0...T.......................(.......@............................................text...\i.......j.................. ..`.rdata..............n..............@..@.data...P.... ......................@....pdata.......@......................@..@_RDATA.......`......."..............@..@.reloc.......p.......$..............@..B.rsrc................(..............@..@........................................................................................................................................................................................................................

                                                                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WasabiWallet\Wasabi Wallet.lnk

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Sep 27 10:03:24 2024, mtime=Tue Oct 1 21:32:59 2024, atime=Fri Sep 27 10:03:24 2024, length=266752, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):2000
                                                                                                                              Entropy (8bit):3.56154791466122
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:8L+PQdu5S711AsFQwdwJdi+MjsXkeSajEfp4WjsX0JQbnayfm:8L+Idu5SeshdwJdi5oXkeSaZWoXhnh
                                                                                                                              MD5:7715910D581D84E1C03DDB07E36181BB
                                                                                                                              SHA1:B8D2D8157042E564646220B316F9E430739D0B57
                                                                                                                              SHA-256:B0E3BDC864DB5F08DD747B16E01B24ED51C96D63A7FA46FD7808F5C7B9AED302
                                                                                                                              SHA-512:E631B38558181E87A24F295EACC1D54D82B3FAF6C5AEC715628942A415240E112791F0AA92750FCCE390B6F7D55D245CA2E53BF2C24D893059B4401A3CEF08CA
                                                                                                                              Malicious:false
                                                                                                                              Preview:L..................F.@.. ...........6./.Q........................................P.O. .:i.....+00.../C:\.....................1.....BY8...PROGRA~1..t......O.IBY8.....B...............J......H..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1.....BY@...WASABI~1..J......BY8.BY@...............................W.a.s.a.b.i.W.a.l.l.e.t.....f.2.....;YlX .wassabee.exe..J......;YlXAY ......T........................w.a.s.s.a.b.e.e...e.x.e.......Y...............-.......X.............^.....C:\Program Files\WasabiWallet\wassabee.exe....P.r.i.v.a.c.y. .f.o.c.u.s.e.d. .B.i.t.c.o.i.n. .w.a.l.l.e.t...9.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.a.s.a.b.i.W.a.l.l.e.t.\.w.a.s.s.a.b.e.e...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.a.s.a.b.i.W.a.l.l.e.t.\.D.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.E.2.7.3.4.7.D.-.8.3.8.4.-.4.6.C.E.-.9.0.2.E.-.1.A.7.B.1.B.B.1.8.A.D.F.}.\.i.c.o.n...i.c.o.........%SystemRoot%\Installer\{7E27347D-8384-46CE-902E-1A7B1BB18A

                                                                                                                              C:\Users\Public\Desktop\Wasabi Wallet.lnk

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Sep 27 10:03:24 2024, mtime=Tue Oct 1 23:09:59 2024, atime=Fri Sep 27 10:03:24 2024, length=266752, window=hide
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1982
                                                                                                                              Entropy (8bit):3.5622428053817337
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:8Loyddu5jIes8dwJdi5oXkeSaZWoXhnh:8LoyeFKq5oPZWo
                                                                                                                              MD5:FDEAE83D1FA363A85AADAF9E432CB792
                                                                                                                              SHA1:63B8936675EB6249D78351258F000193137F3528
                                                                                                                              SHA-256:0AC871ACE10822E4E60B98E66421313F6D5CDE3723AD2CF514D51E0F626A6538
                                                                                                                              SHA-512:39A2EB52B86422598BF3DBFFAE83030592C17C1DD211788AFF954E690074624E358B835DFDDC66F721076EC6F6CF58DD7E9578C00E321829038F0C99CCF61190
                                                                                                                              Malicious:false
                                                                                                                              Preview:L..................F.@.. .............k_........................................P.O. .:i.....+00.../C:\.....................1.....BY8...PROGRA~1..t......O.IBY8.....B...............J......H..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1.....BY@...WASABI~1..J......BY8.BY@............................Q..W.a.s.a.b.i.W.a.l.l.e.t.....f.2.....;YlX .wassabee.exe..J......;YlXBY@......T........................w.a.s.s.a.b.e.e...e.x.e.......Y...............-.......X.............^.....C:\Program Files\WasabiWallet\wassabee.exe....P.r.i.v.a.c.y. .f.o.c.u.s.e.d. .B.i.t.c.o.i.n. .w.a.l.l.e.t...0.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.a.s.a.b.i.W.a.l.l.e.t.\.w.a.s.s.a.b.e.e...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.a.s.a.b.i.W.a.l.l.e.t.\.D.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.7.E.2.7.3.4.7.D.-.8.3.8.4.-.4.6.C.E.-.9.0.2.E.-.1.A.7.B.1.B.B.1.8.A.D.F.}.\.i.c.o.n...i.c.o.........%SystemRoot%\Installer\{7E27347D-8384-46CE-902E-1A7B1BB18ADF}\icon.ico......

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSI1F67.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):898912
                                                                                                                              Entropy (8bit):6.596353619858583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:y//vq14OUaH0yxgC91E1h0lhSMXldU5Fr2CB6b0Wk6:y/Y02gCQsG592CB6b0Wk6
                                                                                                                              MD5:A67ACB81551A030E01CDA17FA4732580
                                                                                                                              SHA1:9F6B54919EE967FDDF20E74714049B8C13640083
                                                                                                                              SHA-256:107FD7EE1EAF17C27B4ED25990ACACE2CB51F8D39F4DFC8EF5A3DF03D02E1D34
                                                                                                                              SHA-512:30CC0870797220E23AF40D5F50A9CE823C1120FBA821FF15E057587C2A91C7247058E9A8479088047B9DC908C5176793E6F3CCD066DA30BD80E1179649B2F346
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v+V..xV..xV..x...y]..x...y...x.9.yD..x.9.yN..x...yO..x.9.y7..x...yW..x...yA..xV..x>..x.:.y...x.:.yW..x.:.xW..xV..xW..x.:.yW..xRichV..x................PE..L...J..f.........."!...'.............G...............................................}....@A................................X........0..h............z..`=...@..$......p...............................@.......................@....................text...j........................... ..`.rdata........... ..................@..@.data... '..........................@....didat..H.... ......................@....rsrc...h....0......................@..@.reloc..$....@......................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSI1FB6.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):898912
                                                                                                                              Entropy (8bit):6.596353619858583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:y//vq14OUaH0yxgC91E1h0lhSMXldU5Fr2CB6b0Wk6:y/Y02gCQsG592CB6b0Wk6
                                                                                                                              MD5:A67ACB81551A030E01CDA17FA4732580
                                                                                                                              SHA1:9F6B54919EE967FDDF20E74714049B8C13640083
                                                                                                                              SHA-256:107FD7EE1EAF17C27B4ED25990ACACE2CB51F8D39F4DFC8EF5A3DF03D02E1D34
                                                                                                                              SHA-512:30CC0870797220E23AF40D5F50A9CE823C1120FBA821FF15E057587C2A91C7247058E9A8479088047B9DC908C5176793E6F3CCD066DA30BD80E1179649B2F346
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v+V..xV..xV..x...y]..x...y...x.9.yD..x.9.yN..x...yO..x.9.y7..x...yW..x...yA..xV..x>..x.:.y...x.:.yW..x.:.xW..xV..xW..x.:.yW..xRichV..x................PE..L...J..f.........."!...'.............G...............................................}....@A................................X........0..h............z..`=...@..$......p...............................@.......................@....................text...j........................... ..`.rdata........... ..................@..@.data... '..........................@....didat..H.... ......................@....rsrc...h....0......................@..@.reloc..$....@......................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSI23AF.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:modified
                                                                                                                              Size (bytes):898912
                                                                                                                              Entropy (8bit):6.596353619858583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:y//vq14OUaH0yxgC91E1h0lhSMXldU5Fr2CB6b0Wk6:y/Y02gCQsG592CB6b0Wk6
                                                                                                                              MD5:A67ACB81551A030E01CDA17FA4732580
                                                                                                                              SHA1:9F6B54919EE967FDDF20E74714049B8C13640083
                                                                                                                              SHA-256:107FD7EE1EAF17C27B4ED25990ACACE2CB51F8D39F4DFC8EF5A3DF03D02E1D34
                                                                                                                              SHA-512:30CC0870797220E23AF40D5F50A9CE823C1120FBA821FF15E057587C2A91C7247058E9A8479088047B9DC908C5176793E6F3CCD066DA30BD80E1179649B2F346
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v+V..xV..xV..x...y]..x...y...x.9.yD..x.9.yN..x...yO..x.9.y7..x...yW..x...yA..xV..x>..x.:.y...x.:.yW..x.:.xW..xV..xW..x.:.yW..xRichV..x................PE..L...J..f.........."!...'.............G...............................................}....@A................................X........0..h............z..`=...@..$......p...............................@.......................@....................text...j........................... ..`.rdata........... ..................@..@.data... '..........................@....didat..H.... ......................@....rsrc...h....0......................@..@.reloc..$....@......................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIB3F8.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIB476.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIB4E4.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIB514.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIB544.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIB610.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIB640.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Local\Temp\MSIC3BE.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):898912
                                                                                                                              Entropy (8bit):6.596353619858583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:y//vq14OUaH0yxgC91E1h0lhSMXldU5Fr2CB6b0Wk6:y/Y02gCQsG592CB6b0Wk6
                                                                                                                              MD5:A67ACB81551A030E01CDA17FA4732580
                                                                                                                              SHA1:9F6B54919EE967FDDF20E74714049B8C13640083
                                                                                                                              SHA-256:107FD7EE1EAF17C27B4ED25990ACACE2CB51F8D39F4DFC8EF5A3DF03D02E1D34
                                                                                                                              SHA-512:30CC0870797220E23AF40D5F50A9CE823C1120FBA821FF15E057587C2A91C7247058E9A8479088047B9DC908C5176793E6F3CCD066DA30BD80E1179649B2F346
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v+V..xV..xV..x...y]..x...y...x.9.yD..x.9.yN..x...yO..x.9.y7..x...yW..x...yA..xV..x>..x.:.y...x.:.yW..x.:.xW..xV..xW..x.:.yW..xRichV..x................PE..L...J..f.........."!...'.............G...............................................}....@A................................X........0..h............z..`=...@..$......p...............................@.......................@....................text...j........................... ..`.rdata........... ..................@..@.data... '..........................@....didat..H.... ......................@....rsrc...h....0......................@..@.reloc..$....@......................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Roaming\ZKsnacks\Wasabi Wallet\prerequisites\Wasabi\Wasabi.msi (copy)

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Privacy focused Bitcoin wallet., Author: zkSNACKs, Keywords: bitcoin,cryptocurrency,blockchain,privacy,fungibility,anonymity, Comments: Easy Peasy Lemon Squeezey, Template: x64;1033, Revision Number: {5F69E7CE-1670-4C31-B486-E8789CC3BA9E}, Create Time/Date: Fri Sep 27 15:05:28 2024, Last Saved Time/Date: Fri Sep 27 15:05:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.8606), Security: 2
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):122200828
                                                                                                                              Entropy (8bit):7.998616781776545
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:3145728:D4loQVEFfBMLYMqwBFPn/ODdRLzKoBqQBb4IUH:DmoQW9B+3BFP/OplKUBbO
                                                                                                                              MD5:AB80E0A20CA2F31B6FDF87822D80350C
                                                                                                                              SHA1:5ACFDF5EABBE1E352F3768169BF9935D3681AC49
                                                                                                                              SHA-256:D001F9739CC31967D029EB5F31E1D645767D5746F859BBBE3C782C5872C50915
                                                                                                                              SHA-512:120CDDBA21CAE0363CB0BC92BC0C7DFE9E13AF92B81742D0DC59C8BBB43E0898C3C0EFC6590328872E9E7AB2387B07240A26289DFFA8F320170A4D7045694752
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\...`...d...h...l...p...t......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Users\user\AppData\Roaming\ZKsnacks\Wasabi Wallet\prerequisites\Wasabi\Wasabi.msi.part

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Privacy focused Bitcoin wallet., Author: zkSNACKs, Keywords: bitcoin,cryptocurrency,blockchain,privacy,fungibility,anonymity, Comments: Easy Peasy Lemon Squeezey, Template: x64;1033, Revision Number: {5F69E7CE-1670-4C31-B486-E8789CC3BA9E}, Create Time/Date: Fri Sep 27 15:05:28 2024, Last Saved Time/Date: Fri Sep 27 15:05:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.8606), Security: 2
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):122200828
                                                                                                                              Entropy (8bit):7.998616781776545
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:3145728:D4loQVEFfBMLYMqwBFPn/ODdRLzKoBqQBb4IUH:DmoQW9B+3BFP/OplKUBbO
                                                                                                                              MD5:AB80E0A20CA2F31B6FDF87822D80350C
                                                                                                                              SHA1:5ACFDF5EABBE1E352F3768169BF9935D3681AC49
                                                                                                                              SHA-256:D001F9739CC31967D029EB5F31E1D645767D5746F859BBBE3C782C5872C50915
                                                                                                                              SHA-512:120CDDBA21CAE0363CB0BC92BC0C7DFE9E13AF92B81742D0DC59C8BBB43E0898C3C0EFC6590328872E9E7AB2387B07240A26289DFFA8F320170A4D7045694752
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\...`...d...h...l...p...t......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\5c201b.msi

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {4446D09C-0BE8-4268-928A-616EA901B217}, Number of Words: 2, Subject: Wasabi Wallet, Author: ZKsnacks, Name of Creating Application: Wasabi Wallet, Template: ;1033, Comments: This installer database contains the logic and data required to install Wasabi Wallet., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Sep 24 13:44:59 2024, Last Saved Time/Date: Tue Sep 24 13:44:59 2024, Last Printed: Tue Sep 24 13:44:59 2024, Number of Pages: 450
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):3083264
                                                                                                                              Entropy (8bit):6.506107832492007
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:49152:6/fZzerSX55NaiU0o8P5Ferq7I5RJK5k1Q/Y02gCQsG592CB6b0Wk:airSxdxFeb02b
                                                                                                                              MD5:3B99D6DDF8DDA188BA5596D25EB5082D
                                                                                                                              SHA1:97F0218BA3529184DDA5FFAD538B2E511C9A11E2
                                                                                                                              SHA-256:FA8B7C248496F1CF913F9691091901C11877070110D240673B3DD947F46093FD
                                                                                                                              SHA-512:889577435FC8415B20D4632B6DF5D78907DC6D66F26A33B9639009EADEE6D80E6C477702E9B7E8A5B45DD911DF82D274D27E4B5EA9F1478D2ED79F937F460DB4
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...................0...................................p.......o.......................................................b.......................................................................................................................l...................................................................................................................................................................................................................................................................L...........$...9............................................................................................... ...!..."...#...0...%...2...'...(...)...*...+...,...-......./.......1...3...7...4...5...6...:...8...A...D...;...<...=...>...?...@...I...B...C...J...E...F...G...H...........K...M...q...N...O...P...Q.......S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...........r...s...t...u...v...w...x...y...z...

                                                                                                                              C:\Windows\Installer\5c201d.msi

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Privacy focused Bitcoin wallet., Author: zkSNACKs, Keywords: bitcoin,cryptocurrency,blockchain,privacy,fungibility,anonymity, Comments: Easy Peasy Lemon Squeezey, Template: x64;1033, Revision Number: {5F69E7CE-1670-4C31-B486-E8789CC3BA9E}, Create Time/Date: Fri Sep 27 15:05:28 2024, Last Saved Time/Date: Fri Sep 27 15:05:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.8606), Security: 2
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):122200828
                                                                                                                              Entropy (8bit):7.998616781776545
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:3145728:D4loQVEFfBMLYMqwBFPn/ODdRLzKoBqQBb4IUH:DmoQW9B+3BFP/OplKUBbO
                                                                                                                              MD5:AB80E0A20CA2F31B6FDF87822D80350C
                                                                                                                              SHA1:5ACFDF5EABBE1E352F3768169BF9935D3681AC49
                                                                                                                              SHA-256:D001F9739CC31967D029EB5F31E1D645767D5746F859BBBE3C782C5872C50915
                                                                                                                              SHA-512:120CDDBA21CAE0363CB0BC92BC0C7DFE9E13AF92B81742D0DC59C8BBB43E0898C3C0EFC6590328872E9E7AB2387B07240A26289DFFA8F320170A4D7045694752
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\...`...d...h...l...p...t......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\5c201f.msi

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Privacy focused Bitcoin wallet., Author: zkSNACKs, Keywords: bitcoin,cryptocurrency,blockchain,privacy,fungibility,anonymity, Comments: Easy Peasy Lemon Squeezey, Template: x64;1033, Revision Number: {5F69E7CE-1670-4C31-B486-E8789CC3BA9E}, Create Time/Date: Fri Sep 27 15:05:28 2024, Last Saved Time/Date: Fri Sep 27 15:05:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.8606), Security: 2
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):122200828
                                                                                                                              Entropy (8bit):7.998616781776545
                                                                                                                              Encrypted:true
                                                                                                                              SSDEEP:3145728:D4loQVEFfBMLYMqwBFPn/ODdRLzKoBqQBb4IUH:DmoQW9B+3BFP/OplKUBbO
                                                                                                                              MD5:AB80E0A20CA2F31B6FDF87822D80350C
                                                                                                                              SHA1:5ACFDF5EABBE1E352F3768169BF9935D3681AC49
                                                                                                                              SHA-256:D001F9739CC31967D029EB5F31E1D645767D5746F859BBBE3C782C5872C50915
                                                                                                                              SHA-512:120CDDBA21CAE0363CB0BC92BC0C7DFE9E13AF92B81742D0DC59C8BBB43E0898C3C0EFC6590328872E9E7AB2387B07240A26289DFFA8F320170A4D7045694752
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>.................................................................................... ...$...(...,...0...4...8...<...@...D...H...L...P...T...X...\...`...d...h...l...p...t......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\MSI2163.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\MSI21C2.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\MSI21E2.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):925800
                                                                                                                              Entropy (8bit):6.5962529078695535
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:fuPYAGxUherZNh0lhSMXlrI5s2JK5kmwE:2P5Ferq7I5RJK5k1E
                                                                                                                              MD5:421643EE7BB89E6DF092BC4B18A40FF8
                                                                                                                              SHA1:E801582A6DD358060A699C9C5CDE31CD07EE49AB
                                                                                                                              SHA-256:D6B89FD5A95071E7B144D8BEDCB09B694E9CD14BFBFAFB782B17CF8413EAC6DA
                                                                                                                              SHA-512:D59C4EC7690E535DA84F94BEF2BE7F94D6BFD0B2908FA9A67D0897ABE8A2825FD52354C495EA1A7F133F727C2EE356869CC80BACF5557864D535A72D8C396023
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........u....i..i..i.zfj..i.zfl...i.k.m..i.k.j..i.k.l...i.zfm..i.zfo..i.zfh..i..h.n.i.Z.`...i.Z.i..i.Z....i.....i.Z.k..i.Rich..i.........................PE..L......f.........."!...'.....&......p0.......................................0.......p....@A.........................&......./..,.......................h:..............p...........................0...@............................................text...Z........................... ..`.rdata...[.......\..................@..@.data....(...P.......2..............@....rsrc................F..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\MSI2231.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):898912
                                                                                                                              Entropy (8bit):6.596353619858583
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24576:y//vq14OUaH0yxgC91E1h0lhSMXldU5Fr2CB6b0Wk6:y/Y02gCQsG592CB6b0Wk6
                                                                                                                              MD5:A67ACB81551A030E01CDA17FA4732580
                                                                                                                              SHA1:9F6B54919EE967FDDF20E74714049B8C13640083
                                                                                                                              SHA-256:107FD7EE1EAF17C27B4ED25990ACACE2CB51F8D39F4DFC8EF5A3DF03D02E1D34
                                                                                                                              SHA-512:30CC0870797220E23AF40D5F50A9CE823C1120FBA821FF15E057587C2A91C7247058E9A8479088047B9DC908C5176793E6F3CCD066DA30BD80E1179649B2F346
                                                                                                                              Malicious:false
                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v+V..xV..xV..x...y]..x...y...x.9.yD..x.9.yN..x...yO..x.9.y7..x...yW..x...yA..xV..x>..x.:.y...x.:.yW..x.:.xW..xV..xW..x.:.yW..xRichV..x................PE..L...J..f.........."!...'.............G...............................................}....@A................................X........0..h............z..`=...@..$......p...............................@.......................@....................text...j........................... ..`.rdata........... ..................@..@.data... '..........................@....didat..H.... ......................@....rsrc...h....0......................@..@.reloc..$....@......................@..B........................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\MSI2290.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):1333
                                                                                                                              Entropy (8bit):5.544999005590783
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:TTBRKXjEiu64gUEd4NWizUxFkUZpUKggYDhiSd4OgjxFkDb/:XLKXwa4SYF6GkpNYD8SVWGDz
                                                                                                                              MD5:A2259CFD46AC280176128BA10D7E9D8E
                                                                                                                              SHA1:9456279FE94594718F69F35BAD7E0341490D014D
                                                                                                                              SHA-256:27CADAB2BE4D69F79C2E0BD5C3A1A75E1C59C4573B92AE7F515DB60C38E230EE
                                                                                                                              SHA-512:E3F0B743A168CB202D572B10638B44831C6FF59DEBFFC41AFC4E1F93968CFC8F0584510630CDAB4C2EABA54495B3A64245754F645220943F9CA4D5DE0386BDD4
                                                                                                                              Malicious:false
                                                                                                                              Preview:...@IXOS.@.....@..AY.@.....@.....@.....@.....@.....@......&.{FD1DF55A-A524-448D-9669-E90738865A64}..Wasabi Wallet..Wasabi.msi.@.....@.....@.....@........&.{4446D09C-0BE8-4268-928A-616EA901B217}.....@.....@.....@.....@.......@.....@.....@.......@......Wasabi Wallet......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{A4AF83FF-58DF-4585-9996-6B6EADACC651}..C:\Program Files (x86)\ZKsnacks\Wasabi Wallet\.@.......@.....@.....@......&.{A90A03B5-6772-4978-95A7-2F25405FE3DD}+.02:\Software\ZKsnacks\Wasabi Wallet\Version.@.......@.....@.....@......&.{A83FEC63-797F-4A8C-9310-3E721F2E882F}k.02:\Software\Caphyon\Advanced Installer\Prereqs\{FD1DF55A-A524-448D-9669-E90738865A64}\2.4.0.0\WasabiWallet.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]"...C:\Program Files (x86)\ZKsnacks\Wasabi Wallet\.@........WriteRegistryValues..Writing system registr

                                                                                                                              C:\Windows\Installer\MSI4BE3.tmp

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):325907
                                                                                                                              Entropy (8bit):5.971632980387486
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3072:pdqQS6I4qI3beI6N4K5wQTvjUWqxloBorvUauCQnMtinj7MNEeVCbHAmW9MLp:pr3bbEL2QbjUv/f+MUvMeeVCbHAmb
                                                                                                                              MD5:34E8C774E006B35E8220E3B4C841B7F2
                                                                                                                              SHA1:124BBD5AE03174E2163F0AC75E932BCD62B4442F
                                                                                                                              SHA-256:6FCEDC1D7FF2C7FF11AAD4DC0C09FEA46D266E5F77931CCB2E9858A79E3FB39F
                                                                                                                              SHA-512:451ED43BD0AD296D3F6627C5650269962F7B09D703737BFD7B65F033456DF968DED1F92CD95364B29AC4199BA08AD09FF6BC015077AE3C901B5CB4B3478EE885
                                                                                                                              Malicious:false
                                                                                                                              Preview:...@IXOS.@.....@..AY.@.....@.....@.....@.....@.....@......&.{7E27347D-8384-46CE-902E-1A7B1BB18ADF}..Wasabi Wallet..Wasabi.msi.@.....@.....@.....@......icon.ico..&.{5F69E7CE-1670-4C31-B486-E8789CC3BA9E}.....@.....@.....@.....@.......@.....@.....@.......@......Wasabi Wallet......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{50CAF59B-0B66-4CA3-8D92-C96591A707AD}+.21:\SOFTWARE\WasabiWallet\StartMenuShortcut.@.......@.....@.....@......&.{FD3D13B1-AA09-495F-A1DE-0E50A010DDF6}).21:\SOFTWARE\WasabiWallet\DesktopShortcut.@.......@.....@.....@......&.{F466DDCF-6231-4B9C-8DBB-7837DFAAFEE3}/.C:\Program Files\WasabiWallet\Avalonia.Base.dll.@.......@.....@.....@......&.{B3286041-724E-4148-A4E5-1170C39B24C4}3.C:\Program Files\WasabiWallet\Avalonia.Controls.dll.@.......@.....@.....@......&.{10C2A0C3-69F7-4A6D-8A78-0431965D6BA5}@.C:\Program Files\WasabiWallet\Avalonia

                                                                                                                              C:\Windows\Installer\SourceHash{7E27347D-8384-46CE-902E-1A7B1BB18ADF}

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):1.1617449697340205
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:JSbX72Fj+CAGiLIlHVRpth/7777777777777777777777777vDHFOEjFupSl0i8Q:JnQI5p8MEF
                                                                                                                              MD5:E57C8AF4CAF084FB4659B3898329B0C1
                                                                                                                              SHA1:44A0043E9CEF74794220D0D3EBA4DD55B2B92789
                                                                                                                              SHA-256:3B045BA757D5BB9AB5902FD6D22A2DFD6A894C10A875EC696FB7396FF803F1F3
                                                                                                                              SHA-512:6F664EDC1584F90285FA67DF01A8738B5730F6C8A5EAD0380AF2DD4D14BE2A957C5216BF8914C16A583AF661BA6E63D950EDDBA1660FA9EE0D85BEFA1377BB93
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\SourceHash{FD1DF55A-A524-448D-9669-E90738865A64}

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):1.1621179035160782
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:12:JSbX72Fj/AGiLIlHVRpth/7777777777777777777777777vDHFDvpSl0i8Q:J9QI5p1xF
                                                                                                                              MD5:D79E116AE0CC2CD71146C7F70E825865
                                                                                                                              SHA1:1847BCDF58F9CCE305103B346C600A9FAD443571
                                                                                                                              SHA-256:72A212B2F76AF1FCBF3561CDAD02CDB3DF92F6B451AE6B9D0F5C1351AD3692D8
                                                                                                                              SHA-512:0527223BD15715CEB4FC8CEB7CC2D9C56A1152EF1AA999C4370FCCBAD9BF66653C3B3CAA994E4B769030DD43754EC7EDF82CD513E3ED4E0BAF1DFBBE668FB285
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):1.5145175222010652
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:T8PhQuRc06WX4sFT5bvzt+dgS5Mvjx1dgSIr8G:6hQ1cFTtvztpTvWcG
                                                                                                                              MD5:2F2C4DAEB9841406F3F5521980D00550
                                                                                                                              SHA1:21E2163DEF36F0A89733E3F791CAAE13A6B0C85C
                                                                                                                              SHA-256:6A7561B1A736F834132D6324A918AB1CABB2F8710829239063CE86510A0B0035
                                                                                                                              SHA-512:F3FCCA59A412978AA197A6622F83C26EA1EDCDFEB11787C13059029C8B1F5A249AA52176671575E57E2B3396BB5978C714FB93C6EB8C7C38E0F870D63AADFA79
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Installer\{7E27347D-8384-46CE-902E-1A7B1BB18ADF}\icon.ico

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:MS Windows icon resource - 6 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, -128x-128, 32 bits/pixel
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):123233
                                                                                                                              Entropy (8bit):5.251624492454695
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:768:lxgp3Dzs/669fbhVf3BqFhEfSVNTMDWoBllOllxlllall8UllcSllvllbllnllji:0p8imfb7BqNVNTAeBHCbweA0X
                                                                                                                              MD5:4D10A07697D994BD7E0CB82235245075
                                                                                                                              SHA1:2FEA76678B78108DAA1E62F5D711D7B4A4D2A6BD
                                                                                                                              SHA-256:944693867A2ECB6D75DAA666309B397694EAEE6EF22BD0215FC95A558B6C6F20
                                                                                                                              SHA-512:795EA08D6EB06309E84B50149A2360F444358B215DB625D5BC28F822CA104E6B70AE4C121D75A98172D563992FBC6884D4F2733BAB2EF0C475C5967B3DB65F54
                                                                                                                              Malicious:false
                                                                                                                              Preview:............ ..[..f......... .(...Y\..@@.... .(B...d..00.... ..%...... .... .....Q......... .h........PNG........IHDR.............\r.f..[.IDATx..y.-Gq'..:.....V$....!!.I.. .. ..gl..K.....a......|.f.,.06....1.6...#...Jb...$.@...z..........Sg.....}.**~......S.a.....x.*<.{........8....9..=.....Z..o..9.........HG.......G&_.../.^(..u..Yx..G.x.n..w...x...[..U..J.q...W....r.k.d..E.n..S........x2.S.....'..K......S.)g...:[.~9.!;k.../..P.M~.....o.c%.e.=...s8...<.._{..aG'Is.K..^.1.we3Nw.S..Ov....C+3.g.`.L....L@.....).G././....4....d...B.q....{.....w.{mic)..+?..WF.......Ez.N.@.r.....b*.''3.....-..pw...+.Y"&...ax.;.|...7..........B...>..;.78..y`e.2....6.S...........1t,..`/.>.=.....Y...XH.8..x.w.Sx<.@.w.:v...3t.\.gP#..._......H...Ox.7..%..L.`.....?.#.^.../....f...%.k.5r_=.>..f.]...i..Q....3..7...;..9....E..lV`<...^.)l]..?..z.[%........C....Br......VcPO.^.;.....y.{&w ......'.`.p....x.{.8..]...\........o.rA.L>.... 3(z9).2."n...../...Le..p.......J..p#.+.=.&.^..b..a...

                                                                                                                              C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):360001
                                                                                                                              Entropy (8bit):5.362967740179317
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau8:zTtbmkExhMJCIpEx
                                                                                                                              MD5:902E950ABD6A81C71351AF752BD73FF4
                                                                                                                              SHA1:8E1B7289093F5DDA870DE87FD0CAC44836129EB3
                                                                                                                              SHA-256:995D4C4AA941FF3C6302EFB3EBC222E9E7B6D3540F4E11BF62B7DD3C2580D966
                                                                                                                              SHA-512:F61ED6C92509E508CBE953C590AB612C80554273F4E7735AFAD46E5435B0F8C2C07B965DE3E86D4F6A38EB70E1E9E2C569816B8D1B41F913515692E848E47DE4
                                                                                                                              Malicious:false
                                                                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                              C:\Windows\Temp\~DF0086EFD877E97D0D.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF03AE80A2CDDE1827.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF146954CE5DC6B5B2.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):1.3200040899563183
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:7lUu6O+CFXJpT55uEedZRSkdZ/VAEkrCyhMgoEvzphdZRSkdZLC7KO7:xU4RT3uEYRz/eRC1UvzptRzIK
                                                                                                                              MD5:036DAEA516DA8D3BAB3333745DC1F865
                                                                                                                              SHA1:C3655067CC6A0256A020ED6891AB2243083968DC
                                                                                                                              SHA-256:D6E92B3831501C19FD11A707E3F2E66F13BB50E3FE2A7F6B0050D8ACD421557B
                                                                                                                              SHA-512:81DF14B454244CCF477006A2E86D3AAA61EBF01B92CDDEE2FDB796C69F20C4A2ACE6FF6E4A5662088EAF46BA39E791828A6E010A21C76E47B6DD72F3E50AF397
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF1D739595AAFEEAAF.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):1.6572051341886174
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:u8PhcuRc06WXJ0FT5nEedZRSkdZ/VAEkrCyhMgoEvzphdZRSkdZLC7KO7:hhc13FT5EYRz/eRC1UvzptRzIK
                                                                                                                              MD5:3A1D0DB6BBA94B8388D45DC70516BFC5
                                                                                                                              SHA1:41C9E1662DAD2580BE2846F8671C91A72888A8B6
                                                                                                                              SHA-256:8147F364128604B6EF6CEEB0BD3A3C8A79AC6EE7DDC53B70E9F8A20C225F5141
                                                                                                                              SHA-512:2373A54D34D4E6AB79540289C879032133EED55E0ACF56BF871BE12EBCF201F905E34C046A929002D73FC18D1E97B1AD4DDA18D8AF71B3876212E90E961DF2AA
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF25E48441810FE9B0.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF462ECF10C1F12CC6.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):0.06951226985371077
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOfyG3NAywQVky6lS:2F0i8n0itFzDHFD6S
                                                                                                                              MD5:ED837FFA36380004D8985BE302F8C3D2
                                                                                                                              SHA1:4438F5147D2218CBD31BBD27269FC244F1B9A325
                                                                                                                              SHA-256:CBA5FC505BBA81A8AFA813C62B079C347F4E5E9FBDEDD47BBEE0373C6A19C347
                                                                                                                              SHA-512:0B3C15528222D70A4E8F70202744F410E5ECFA4976F14FB1D9E370A7C16B514A38EA365FFCCB0585FFC494E4F3AB65937A1F74DD6E18CC5D0721EB7FA806D959
                                                                                                                              Malicious:false
                                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF4C31645CFAC1A01B.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):1.2159149280394188
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:nJYusO+xFX4hT52vzt+dgS5Mvjx1dgSIr8G:JYlCTMvztpTvWcG
                                                                                                                              MD5:F3463E911971AA8557953BDCC0140D29
                                                                                                                              SHA1:7143B863B51DA8B7BB919DE0A9410BE0AAEEC3E9
                                                                                                                              SHA-256:AE6AB784DB4CA76133B79F71F1DC1F67593D6BBB34EE660A361CE50C0C1A6607
                                                                                                                              SHA-512:4C64785056F8C728BDDCA5BF359420070810EF0ECCED1CFD301190C53BA119FB606BF74FC818FF4802EB60937F3951F0957185161002BB6119578D3662A8C0E1
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF4C772AB2DD50AB31.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):0.06908304220581432
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOOEHDFL0SQVky6lS:2F0i8n0itFzDHFOEjFDS
                                                                                                                              MD5:3C9038D85B9A2B112E45C1221F0851DE
                                                                                                                              SHA1:AE375AB3325EEAACF2FD7F4CCEFAE068150165F6
                                                                                                                              SHA-256:5ADE21E4110AA2D74CE4EBDC30A6997387A8B16EE7214B0A9387FA1574D44BAE
                                                                                                                              SHA-512:7AD843CBA239BC02BAE33E587FE5CB717196AD7401E067D69441F45D36AFD02C22B5E390C6E3B17FFCE16258C9C8F747A302152B60ECFC62579DA6859036E4F4
                                                                                                                              Malicious:false
                                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF51D1FE1FCCC1229C.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF52EE7C401AE1455A.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):1.3200040899563183
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:7lUu6O+CFXJpT55uEedZRSkdZ/VAEkrCyhMgoEvzphdZRSkdZLC7KO7:xU4RT3uEYRz/eRC1UvzptRzIK
                                                                                                                              MD5:036DAEA516DA8D3BAB3333745DC1F865
                                                                                                                              SHA1:C3655067CC6A0256A020ED6891AB2243083968DC
                                                                                                                              SHA-256:D6E92B3831501C19FD11A707E3F2E66F13BB50E3FE2A7F6B0050D8ACD421557B
                                                                                                                              SHA-512:81DF14B454244CCF477006A2E86D3AAA61EBF01B92CDDEE2FDB796C69F20C4A2ACE6FF6E4A5662088EAF46BA39E791828A6E010A21C76E47B6DD72F3E50AF397
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF5B1BD3EA9AEC2549.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):1.2159149280394188
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:nJYusO+xFX4hT52vzt+dgS5Mvjx1dgSIr8G:JYlCTMvztpTvWcG
                                                                                                                              MD5:F3463E911971AA8557953BDCC0140D29
                                                                                                                              SHA1:7143B863B51DA8B7BB919DE0A9410BE0AAEEC3E9
                                                                                                                              SHA-256:AE6AB784DB4CA76133B79F71F1DC1F67593D6BBB34EE660A361CE50C0C1A6607
                                                                                                                              SHA-512:4C64785056F8C728BDDCA5BF359420070810EF0ECCED1CFD301190C53BA119FB606BF74FC818FF4802EB60937F3951F0957185161002BB6119578D3662A8C0E1
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF5E1356CB00D3FE15.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF88DABFD11D0B627D.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF912D9F0FB7F6E70B.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):69632
                                                                                                                              Entropy (8bit):0.12431527875430366
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:24:GsNyEJfAebxdgipVGdgipV7VqoIylFwGEKSxk79+foIylU:50ErxdgScdgS5Mvjx4mvz
                                                                                                                              MD5:086AC7923FE3FE141F2435F19346CDE8
                                                                                                                              SHA1:A730789AEFF1D145498FE2701ABA1E7C5B5CD3FA
                                                                                                                              SHA-256:512B78AD471BEAB90AB323B81958235EC73E47C10095D59FFCDCB11BC863B29A
                                                                                                                              SHA-512:0547D04052CCD6C22199305912DCA71D7C072838558C7DBF0687D1A026E99FC9B02B960F82EB27E2F2A67C8BCB5163E7EB69B275B22346EF06354A642D6DAAF9
                                                                                                                              Malicious:false
                                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DF96005DED269E0110.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):1.6572051341886174
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:u8PhcuRc06WXJ0FT5nEedZRSkdZ/VAEkrCyhMgoEvzphdZRSkdZLC7KO7:hhc13FT5EYRz/eRC1UvzptRzIK
                                                                                                                              MD5:3A1D0DB6BBA94B8388D45DC70516BFC5
                                                                                                                              SHA1:41C9E1662DAD2580BE2846F8671C91A72888A8B6
                                                                                                                              SHA-256:8147F364128604B6EF6CEEB0BD3A3C8A79AC6EE7DDC53B70E9F8A20C225F5141
                                                                                                                              SHA-512:2373A54D34D4E6AB79540289C879032133EED55E0ACF56BF871BE12EBCF201F905E34C046A929002D73FC18D1E97B1AD4DDA18D8AF71B3876212E90E961DF2AA
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFACF3B54B307EF021.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):73728
                                                                                                                              Entropy (8bit):0.17183899088237045
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:dO75ECtdZRSkdZGdZRSkdZ/VAEkrCyhMgoEvzpiJ:dSHRzwRz/eRC1UvzpiJ
                                                                                                                              MD5:73ECB605FA312B1AB4EC801FE1A401AF
                                                                                                                              SHA1:62E3F3753F3522BF95950797678A30A262B96C8A
                                                                                                                              SHA-256:03CC3779F48DDC2531D61F0B8B0C66341E6DED587402E1BAF94750340019AF6B
                                                                                                                              SHA-512:804B4F6CF1990807AF5121E6452D46FE86200E205B0469AD3046833DC773534ED9DBDF08DEF7C68C26B84A301CF452534636A8D2095B951A1ED16F0D40EB7AD2
                                                                                                                              Malicious:false
                                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFB19691689836CECC.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFB23D5F45F7B65C99.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFD0996CD2FAB4AB79.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):1.5145175222010652
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:T8PhQuRc06WX4sFT5bvzt+dgS5Mvjx1dgSIr8G:6hQ1cFTtvztpTvWcG
                                                                                                                              MD5:2F2C4DAEB9841406F3F5521980D00550
                                                                                                                              SHA1:21E2163DEF36F0A89733E3F791CAAE13A6B0C85C
                                                                                                                              SHA-256:6A7561B1A736F834132D6324A918AB1CABB2F8710829239063CE86510A0B0035
                                                                                                                              SHA-512:F3FCCA59A412978AA197A6622F83C26EA1EDCDFEB11787C13059029C8B1F5A249AA52176671575E57E2B3396BB5978C714FB93C6EB8C7C38E0F870D63AADFA79
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFD940BF06BF358F17.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):1.2159149280394188
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:nJYusO+xFX4hT52vzt+dgS5Mvjx1dgSIr8G:JYlCTMvztpTvWcG
                                                                                                                              MD5:F3463E911971AA8557953BDCC0140D29
                                                                                                                              SHA1:7143B863B51DA8B7BB919DE0A9410BE0AAEEC3E9
                                                                                                                              SHA-256:AE6AB784DB4CA76133B79F71F1DC1F67593D6BBB34EE660A361CE50C0C1A6607
                                                                                                                              SHA-512:4C64785056F8C728BDDCA5BF359420070810EF0ECCED1CFD301190C53BA119FB606BF74FC818FF4802EB60937F3951F0957185161002BB6119578D3662A8C0E1
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFE76590BDB9D0DDEE.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFEC8878B6687994CD.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):32768
                                                                                                                              Entropy (8bit):1.3200040899563183
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:7lUu6O+CFXJpT55uEedZRSkdZ/VAEkrCyhMgoEvzphdZRSkdZLC7KO7:xU4RT3uEYRz/eRC1UvzptRzIK
                                                                                                                              MD5:036DAEA516DA8D3BAB3333745DC1F865
                                                                                                                              SHA1:C3655067CC6A0256A020ED6891AB2243083968DC
                                                                                                                              SHA-256:D6E92B3831501C19FD11A707E3F2E66F13BB50E3FE2A7F6B0050D8ACD421557B
                                                                                                                              SHA-512:81DF14B454244CCF477006A2E86D3AAA61EBF01B92CDDEE2FDB796C69F20C4A2ACE6FF6E4A5662088EAF46BA39E791828A6E010A21C76E47B6DD72F3E50AF397
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFF224CD50A83BF876.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:data
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):512
                                                                                                                              Entropy (8bit):0.0
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:3::
                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                              Malicious:false
                                                                                                                              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              C:\Windows\Temp\~DFFE1DE87B694D1600.TMP

                                                                                                                              Download File
                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                              Category:dropped
                                                                                                                              Size (bytes):20480
                                                                                                                              Entropy (8bit):1.5145175222010652
                                                                                                                              Encrypted:false
                                                                                                                              SSDEEP:48:T8PhQuRc06WX4sFT5bvzt+dgS5Mvjx1dgSIr8G:6hQ1cFTtvztpTvWcG
                                                                                                                              MD5:2F2C4DAEB9841406F3F5521980D00550
                                                                                                                              SHA1:21E2163DEF36F0A89733E3F791CAAE13A6B0C85C
                                                                                                                              SHA-256:6A7561B1A736F834132D6324A918AB1CABB2F8710829239063CE86510A0B0035
                                                                                                                              SHA-512:F3FCCA59A412978AA197A6622F83C26EA1EDCDFEB11787C13059029C8B1F5A249AA52176671575E57E2B3396BB5978C714FB93C6EB8C7C38E0F870D63AADFA79
                                                                                                                              Malicious:false
                                                                                                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                              Static File Info

                                                                                                                              General

                                                                                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {4446D09C-0BE8-4268-928A-616EA901B217}, Number of Words: 2, Subject: Wasabi Wallet, Author: ZKsnacks, Name of Creating Application: Wasabi Wallet, Template: ;1033, Comments: This installer database contains the logic and data required to install Wasabi Wallet., Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Tue Sep 24 13:44:59 2024, Last Saved Time/Date: Tue Sep 24 13:44:59 2024, Last Printed: Tue Sep 24 13:44:59 2024, Number of Pages: 450
                                                                                                                              Entropy (8bit):6.506107832492007
                                                                                                                              TrID:
                                                                                                                              • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                              • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                              File name:Wasabi.msi
                                                                                                                              File size:3'083'264 bytes
                                                                                                                              MD5:3b99d6ddf8dda188ba5596d25eb5082d
                                                                                                                              SHA1:97f0218ba3529184dda5ffad538b2e511c9a11e2
                                                                                                                              SHA256:fa8b7c248496f1cf913f9691091901c11877070110d240673b3dd947f46093fd
                                                                                                                              SHA512:889577435fc8415b20d4632b6df5d78907dc6d66f26a33b9639009eadee6d80e6c477702e9b7e8a5b45dd911df82d274d27e4b5ea9f1478d2ed79f937f460db4
                                                                                                                              SSDEEP:49152:6/fZzerSX55NaiU0o8P5Ferq7I5RJK5k1Q/Y02gCQsG592CB6b0Wk:airSxdxFeb02b
                                                                                                                              TLSH:F9E56C2076CBC036E56F0372A93EEE7A903D7D262B7344D762E47A6D58348C25732A17
                                                                                                                              File Content Preview:........................>...................0...................................p.......o.......................................................b..............................................................................................................

                                                                                                                              File Icon

                                                                                                                              Icon Hash:2d2e3797b32b2b99

                                                                                                                              Network Behavior

                                                                                                                              Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                              Statistics

                                                                                                                              CPU Usage

                                                                                                                              Click to jump to process

                                                                                                                              Memory Usage

                                                                                                                              Click to jump to process

                                                                                                                              Behavior

                                                                                                                              Click to jump to process

                                                                                                                              System Behavior

                                                                                                                              General

                                                                                                                              Target ID:0
                                                                                                                              Start time:18:31:01
                                                                                                                              Start date:01/10/2024
                                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Wasabi.msi"
                                                                                                                              Imagebase:0x7ff61af50000
                                                                                                                              File size:69'632 bytes
                                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:2
                                                                                                                              Start time:18:31:01
                                                                                                                              Start date:01/10/2024
                                                                                                                              Path:C:\Windows\System32\msiexec.exe
                                                                                                                              Wow64 process (32bit):false
                                                                                                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                              Imagebase:0x7ff61af50000
                                                                                                                              File size:69'632 bytes
                                                                                                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:3
                                                                                                                              Start time:18:31:02
                                                                                                                              Start date:01/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 8954D0F09732CC8C32EC25B7D9AA876D C
                                                                                                                              Imagebase:0x7f0000
                                                                                                                              File size:59'904 bytes
                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              General

                                                                                                                              Target ID:16
                                                                                                                              Start time:20:09:34
                                                                                                                              Start date:01/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E9EF6AB8F4B248236972964FA7D85355
                                                                                                                              Imagebase:0x7f0000
                                                                                                                              File size:59'904 bytes
                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:true

                                                                                                                              General

                                                                                                                              Target ID:17
                                                                                                                              Start time:20:09:34
                                                                                                                              Start date:01/10/2024
                                                                                                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ZKsnacks\Wasabi Wallet\prerequisites\Wasabi\Wasabi.msi"
                                                                                                                              Imagebase:0x7f0000
                                                                                                                              File size:59'904 bytes
                                                                                                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:high
                                                                                                                              Has exited:false

                                                                                                                              Disassembly

                                                                                                                              No disassembly