Windows Analysis Report
nsis-installer.exe

Overview

General Information

Sample name: nsis-installer.exe
Analysis ID: 1427113
MD5: 85aea19a596f59d0dbf368f99be6a139
SHA1: 9fd84c0780b6555cdeed499b30e5d67071998fbc
SHA256: 7a95214e7077d7324c0e8dc7d20f2a4e625bc0ac7e14b1446e37c47dff7eeb5b

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Loading BitLocker PowerShell Module
Opens the same file many times (likely Sandbox evasion)
Tries to steal communication platform credentials (via file / registry access)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Sigma detected: Startup Folder File Write
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • nsis-installer.exe (PID: 280 cmdline: "C:\Users\user\Desktop\nsis-installer.exe" MD5: 85AEA19A596F59D0DBF368F99BE6A139)
    • cmd.exe (PID: 6492 cmdline: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2304 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 6400 cmdline: C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)
  • SerenityTherapyInstaller.exe (PID: 1708 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" MD5: D05989CE9BE7EA67632845FA837299C9)
    • cmd.exe (PID: 1476 cmdline: C:\Windows\system32\cmd.exe /d /s /c "chcp" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 2012 cmdline: chcp MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
    • cmd.exe (PID: 2924 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 3220 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
    • cmd.exe (PID: 4160 cmdline: C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5316 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4876 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3640 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • SerenityTherapyInstaller.exe (PID: 4072 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: D05989CE9BE7EA67632845FA837299C9)
    • SerenityTherapyInstaller.exe (PID: 2188 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=2144 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: D05989CE9BE7EA67632845FA837299C9)
    • cmd.exe (PID: 7124 cmdline: C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • findstr.exe (PID: 1968 cmdline: findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
    • SerenityTherapyInstaller.exe (PID: 2584 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: D05989CE9BE7EA67632845FA837299C9)
  • SerenityTherapyInstaller.exe (PID: 1524 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" MD5: D05989CE9BE7EA67632845FA837299C9)
    • cmd.exe (PID: 3880 cmdline: C:\Windows\system32\cmd.exe /d /s /c "chcp" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 3916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 2792 cmdline: chcp MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
    • cmd.exe (PID: 2572 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5688 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
    • cmd.exe (PID: 5088 cmdline: C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1584 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2656 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2332 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • SerenityTherapyInstaller.exe (PID: 6416 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: D05989CE9BE7EA67632845FA837299C9)
    • SerenityTherapyInstaller.exe (PID: 5280 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=1808 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: D05989CE9BE7EA67632845FA837299C9)
    • cmd.exe (PID: 5716 cmdline: C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • findstr.exe (PID: 4440 cmdline: findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
    • SerenityTherapyInstaller.exe (PID: 1492 cmdline: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=944 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: D05989CE9BE7EA67632845FA837299C9)
  • cleanup
No configs have been found
No yara matches
Source: Process startedAuthor: frack113: Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe, ParentProcessId: 1708, ParentProcessName: SerenityTherapyInstaller.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 5316, ProcessName: powershell.exe
Source: Process startedAuthor: _pete_0, TheDFIRReport: Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\SysWOW64\chcp.com, NewProcessName: C:\Windows\SysWOW64\chcp.com, OriginalFileName: C:\Windows\SysWOW64\chcp.com, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "chcp", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1476, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 2012, ProcessName: chcp.com
Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\nsis-installer.exe, ProcessId: 280, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SerenityTherapyInstaller.lnk
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe, ParentProcessId: 1708, ParentProcessName: SerenityTherapyInstaller.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 5316, ProcessName: powershell.exe
No Snort rule has matched

AV Detection

Source: nsis-installer.exe Avira: detected
Source: C:\Users\user\AppData\Local\Temp\496db3a3-1a7f-4f1b-9fcf-efdaeed463f0.tmp.node Virustotal: Detection: 7%
Source: C:\Users\user\AppData\Local\Temp\8643e452-b938-4f7e-b6f6-6c79c3287391.tmp.node Virustotal: Detection: 8%
Source: C:\Users\user\AppData\Local\Temp\a5cccf86-07fd-48a4-a9cf-7cd44af85556.tmp.node Virustotal: Detection: 7%
Source: C:\Users\user\AppData\Local\Temp\e10a37c2-8429-4258-9cd3-d725395e8215.tmp.node Virustotal: Detection: 8%
Source: nsis-installer.exe ReversingLabs: Detection: 37%
Source: nsis-installer.exe Virustotal: Detection: 30%
Source: nsis-installer.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\nsis-installer.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cfbc383d-9aa0-5771-9485-7b806e8442d5
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\LICENSE.electron.txt
Source: nsis-installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: BCC = $(NCC) -nologo -W3 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: nsis-installer.exe, 00000000.00000003.2342229721.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: del /Q *.exp *.lo *.ilk *.lib *.obj *.ncb *.pdb *.sdf *.suo 2>NUL source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: LTCOMPILE = $(TCC) -Fo$@ -Fd$*.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\STATEMENT.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\STATEMENT.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /OUT:"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\ADMINISTRATOR\\.ELECTRON-GYP\\24.1.1\\IA32\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X86 /SAFESEH /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\NODE_SQLITE3\WIN_DELAY_LOAD_HOOK.OBJ source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBCMT.I386.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: nsis-installer.exe, 00000000.00000003.2208092330.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2265396042.00000000050CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: -typedil-fC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\node-gyp\src\win_delay_load_hook.cc-Gs4096-dos-Zi-Z7-W3-pdbrpc-Og-Ob2-Ot-EHs-MT-GS-Gy-FitObjFunc-FitObjData-NoRTTI-FoC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\deps\Release\obj\sqlite3\win_delay_load_hook.obj-FdC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\Release\sqlite3.pdb-errorreport:queue source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\NODE_SQLITE3.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\NODE_SQLITE3.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBCPMT.I386.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2269640861.00000000050C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -FdC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\Release\sqlite3.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb`)p) source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2269640861.00000000050C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: SQLITE3EXEPDB = /pdb:sqlite3sh.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBVCRUNTIME.I386.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: nsis-installer.exe, 00000000.00000003.2208092330.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: BCC = $(NCC) -nologo -W4 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: nsis-installer.exe, 00000000.00000003.2336434743.00000000050C2000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2260611134.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\BACKUP.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\BACKUP.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\Release\sqlite3.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\DATABASE.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\DATABASE.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: nsis-installer.exe, 00000000.00000003.2256512300.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2338261653.0000000004E41000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2260611134.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2256207119.0000000002E60000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\nsis-installer.exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\nsis-installer.exe Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\nsis-installer.exe Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\nsis-installer.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\nsis-installer.exe File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\nsis-installer.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\nsis-installer.exe File opened: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\nsis-installer.exe File opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller
Source: C:\Users\user\Desktop\nsis-installer.exe File opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Source: Joe Sandbox View IP Address: 34.117.186.192
Source: Joe Sandbox View IP Address: 162.159.61.3
Source: Joe Sandbox View IP Address: 172.64.41.3
Source: unknown DNS query: name: ipinfo.io
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: V8.MemoryHeapUsedV8.MemoryHeapCommittedmail.google.com.gmaildrive.google.com.docsplus.google.com.plus.inbox.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comtwitter.comtaobao.comwikipedia equals www.youtube.com (Youtube)
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: ipinfo.io
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.github.io/snappy/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxon
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: nsis-installer.exe, 00000000.00000003.2342229721.0000000002DCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://int3.de/
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://istanbul-js.org/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n8.io/)
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://narwhaljs.org)
Source: nsis-installer.exe, 00000000.00000002.2380954483.000000000040A000.00000004.00000001.01000000.00000003.sdmp, nsis-installer.exe, 00000000.00000000.2130486279.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.godaddy.com/0J
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org)
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org/)
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s..
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://source.android.com/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://source.android.com/compatibility)
Source: nsis-installer.exe, 00000000.00000003.2261777652.0000000007290000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tukaani.org/xz/
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://valgrind.org
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://webkit.org/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat..
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chromium.org
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.fossil-scm.org/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.futurealoof.com)
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.icu-project.org/userguide/posix.html#case_mappings
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.jclark.com/xt
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ploscompbiol.org/static/license
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.software-architect.net/blog/article/date/2015/06/12/-826c6e5052.html
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/compile.html).
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/src/info/6709574d2a
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/src/info/f2369304e4
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/tclsqlite.html
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.strongtalk.org/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org
Source: nsis-installer.exe, 00000000.00000003.2185816773.0000000005CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.webrtc.org
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zlib.net/
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4674
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4849
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5140
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5536
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7405
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/3rpDuEX.
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/3rpDuEX.WebBundleURLLoaderFactory::OnResponseParsedInvalid
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlMixed
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.android.clients.google.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.bigcache.googleapis.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.doc-0-0-sj.sj.googleusercontent.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.docs.google.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.drive.google.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.googlesyndication.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.pack.google.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.play.google.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.youtube.com/
Source: SerenityTherapyInstaller.exe, 00000008.00000000.2365305161.0000000007205000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://chrome-devtools-frontend.appspot.com/
Source: SerenityTherapyInstaller.exe, 00000008.00000000.2365305161.0000000007205000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderstreamWriteInspectableWebC
Source: nsis-installer.exe, 00000000.00000003.2342167557.0000000004E41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: nsis-installer.exe, 00000000.00000003.2342167557.0000000004E41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5105856067141632.
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5463833265045504.
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5463833265045504.Found
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#clear
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#table
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1038223.
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1042393
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1046462
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1060012
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1091824
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1137851
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1154140
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1300575
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.v8.produceCachev8.produceModuleCacheV8.ProduceCodeC
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructor
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/wasdk/wasmparser
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/web-animations/web-animations-js
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/wayland/weston
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22MEDIA_ELEMENT_ERROR:
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/LdLk22Media
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/rStTGz
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/xX8pDD
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/xX8pDDplay()
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/ximf56
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/ximf56Iframe
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gle/chrome-insecure-origins
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-analytics.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://googlevideo.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gvt1.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gvt2.com/
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gvt6.com/
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequentlyOut
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/dom.html#custom-data-attribute.
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: nsis-installer.exe, 00000000.00000003.2261777652.0000000007290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jimmy.warting.se/opensource
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://no-color.org/
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/http.html#http_class_http_incomingmessage
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/node-v18.14.0-headers.tar.gz
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/node-v18.14.0.tar.gz
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/node-v18.14.0.tar.gzhttps://nodejs.org/download/release
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/win-x86/node.lib
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspector
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pagure.io/lohit
Source: SerenityTherapyInstaller.exe, 00000008.00000000.2365305161.0000000007205000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: SerenityTherapyInstaller.exe, 00000008.00000000.2365305161.0000000007205000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://plus-innovations.com)
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/site/gaviotachessuser/Home/endgame-tablebases-1
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/08a0d6d9bf
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/157dc791df
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/206d99a16dd9212f
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/24083b579d.
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/2d76f2bcf65d256a
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/36937b197273d403
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/51e6959f61
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/68d284c86b082c3e
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/726219164b
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/83cb4a95a0
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/b40696f50145d21c
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/eb8613976a
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/0f0428096f17252a
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/b043a54c3de54b28
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/c94369cae9b561b1
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/ce8717f0885af975
Source: nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/fd76310a5e843e07
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: nsis-installer.exe, 00000000.00000003.2342167557.0000000004E41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: nsis-installer.exe, 00000000.00000003.2342167557.0000000004E41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://systeminformation.io
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://testanything.org/tap-version-14-specification.html
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://testanything.org/tap-version-14-specification.html#subtests
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405461
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_8d7e117d-c
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_00406B150_2_00406B15
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_004072EC0_2_004072EC
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_00404C9E0_2_00404C9E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_0526B95019_2_0526B950
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_0526680819_2_05266808
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_0526EE0019_2_0526EE00
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 19_2_0526B94F19_2_0526B94F
Source: C:\Users\user\Desktop\nsis-installer.exeProcess token adjusted: Security
Source: nsis-installer.exeStatic PE information: invalid certificate
Source: nsis-installer.exe, 00000000.00000003.2336434743.00000000050C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.2208092330.0000000005AC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibEGL.dllb! vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.2208092330.0000000005AC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.2342229721.0000000002DCA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElevate.exeH vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.2269640861.00000000050C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.2260611134.0000000005AC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs nsis-installer.exe
Source: nsis-installer.exe, 00000000.00000003.2264196913.00000000050CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs nsis-installer.exe
Source: nsis-installer.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal76.spyw.evad.winEXE@76/131@48/3
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404722
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_00402104 CoCreateInstance,0_2_00402104
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2136:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2356:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3916:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3608:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3212:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6704:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2496:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5172:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6212:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5700:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1008:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1864:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6140:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3652:120:WilError_03
Source: C:\Users\user\Desktop\nsis-installer.exeMutant created: \Sessions\1\BaseNamedObjects\cfbc383d-9aa0-5771-9485-7b806e8442d5
Source: C:\Users\user\Desktop\nsis-installer.exeFile created: C:\Users\user\AppData\Local\Temp\nscFBA.tmp
Source: nsis-installer.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SERENITYTHERAPYINSTALLER.EXE'
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\nsis-installer.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\nsis-installer.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Selector or media text is not valid.Source range didn't match existing source rangeSource range didn't match existing style source rangeKeyframe key text is not valid.Style text is not valid.Selector or container query text is not valid.CQ Source range didn't match existing style source rangeSelector or supports rule text is not valid.Supports source range didn't match existing source rangeSelector or scope rule text is not valid.Scope source range didn't match existing source range' could not be added in style sheet.The rule '' could not be added in media rule.Cannot insert rule inside rule selector.Cannot insert rule in non-media rule.Source range must be collapsed.Rule text is not valid.Style is read-only.No style rule could be found in given range.No parent stylesheet could be found.Cannot remove rule from non-media rule./\*[^]*?\*/: none; }-webkit-boguz-propertee { -webkit-boguz-propertee : none; } }@keyframes boguzAnim { div {: none; } } { div { @media @container @scope -moz--o--ms-"' %
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: nsis-installer.exeReversingLabs: Detection: 37%
Source: nsis-installer.exeVirustotal: Detection: 30%
Source: C:\Users\user\Desktop\nsis-installer.exeFile read: C:\Users\user\Desktop\nsis-installer.exe
Source: unknownProcess created: C:\Users\user\Desktop\nsis-installer.exe "C:\Users\user\Desktop\nsis-installer.exe"
Source: C:\Users\user\Desktop\nsis-installer.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=2144 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=1808 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=944 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\Desktop\nsis-installer.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\chcp.comSection loaded: ulib.dll
Source: C:\Windows\SysWOW64\chcp.comSection loaded: fsutilext.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\nsis-installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\nsis-installer.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cfbc383d-9aa0-5771-9485-7b806e8442d5
Source: nsis-installer.exe Static file information: File size 78057262 > 1048576
Source: nsis-installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: BCC = $(NCC) -nologo -W3 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: nsis-installer.exe, 00000000.00000003.2342229721.0000000002DCA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: del /Q *.exp *.lo *.ilk *.lib *.obj *.ncb *.pdb *.sdf *.suo 2>NUL source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: LTCOMPILE = $(TCC) -Fo$@ -Fd$*.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\STATEMENT.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\STATEMENT.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /OUT:"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\ADMINISTRATOR\\.ELECTRON-GYP\\24.1.1\\IA32\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X86 /SAFESEH /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\NODE_SQLITE3\WIN_DELAY_LOAD_HOOK.OBJ source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBCMT.I386.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: nsis-installer.exe, 00000000.00000003.2208092330.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2265396042.00000000050CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: -typedil-fC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\node-gyp\src\win_delay_load_hook.cc-Gs4096-dos-Zi-Z7-W3-pdbrpc-Og-Ob2-Ot-EHs-MT-GS-Gy-FitObjFunc-FitObjData-NoRTTI-FoC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\deps\Release\obj\sqlite3\win_delay_load_hook.obj-FdC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\Release\sqlite3.pdb-errorreport:queue source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\NODE_SQLITE3.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\NODE_SQLITE3.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBCPMT.I386.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2269640861.00000000050C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -FdC:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\Release\sqlite3.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb`)p) source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2269640861.00000000050C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: SQLITE3EXEPDB = /pdb:sqlite3sh.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBVCRUNTIME.I386.PDB source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: nsis-installer.exe, 00000000.00000003.2208092330.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: BCC = $(NCC) -nologo -W4 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: nsis-installer.exe, 00000000.00000003.2336434743.00000000050C2000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2260611134.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\BACKUP.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\BACKUP.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\Desktop\duvet\src\builds\iL3GxpTZu\source\node_modules\sqlite3\build\Release\sqlite3.pdb source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\DATABASE.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\IL3GXPTZU\SOURCE\NODE_MODULES\SQLITE3\SRC\DATABASE.CC source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: nsis-installer.exe, 00000000.00000003.2256512300.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2338261653.0000000004E41000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2260611134.0000000005AC0000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2256207119.0000000002E60000.00000004.00001000.00020000.00000000.sdmp
Source: d3dcompiler_47.dll.0.dr Static PE information: 0xBEBD7FD7 [Fri May 29 01:54:31 2071 UTC]
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe.0.dr Static PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe.0.dr Static PE information: section name: .rodata
Source: SerenityTherapyInstaller.exe.0.dr Static PE information: section name: CPADinfo
Source: SerenityTherapyInstaller.exe.0.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe0.0.dr Static PE information: section name: .00cfg
Source: SerenityTherapyInstaller.exe0.0.dr Static PE information: section name: .rodata
Source: SerenityTherapyInstaller.exe0.0.dr Static PE information: section name: CPADinfo
Source: SerenityTherapyInstaller.exe0.0.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll0.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .00cfg
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_05263426 push eax; retf 19_2_05263429
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_05265428 push eax; mov dword ptr [esp], edx 19_2_0526542C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_0526A750 push esi; iretd 19_2_0526A75E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_0526EDF0 push esi; iretd 19_2_0526EDFE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_0526ECC1 pushad ; iretd 19_2_0526ECCE
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 19_2_0526FE37 push esi; iretd 19_2_0526FE46
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe File created: C:\Users\user\AppData\Local\Temp\496db3a3-1a7f-4f1b-9fcf-efdaeed463f0.tmp.node
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe File created: C:\Users\user\AppData\Local\Temp\8643e452-b938-4f7e-b6f6-6c79c3287391.tmp.node
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\SerenityTherapyInstaller.exe
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\System.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libEGL.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe File created: C:\Users\user\AppData\Local\Temp\e10a37c2-8429-4258-9cd3-d725395e8215.tmp.node
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe File created: C:\Users\user\AppData\Local\Temp\a5cccf86-07fd-48a4-a9cf-7cd44af85556.tmp.node
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\LICENSE.electron.txt
Source: C:\Users\user\Desktop\nsis-installer.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SerenityTherapyInstaller.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\nsis-installer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeFile opened: \Device\RasAcd count: 67341
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeFile opened: \Device\RasAcd count: 66586
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3944
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3555
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 508
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1308
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2376
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2388
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 645
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\System.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\496db3a3-1a7f-4f1b-9fcf-efdaeed463f0.tmp.node
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e10a37c2-8429-4258-9cd3-d725395e8215.tmp.node
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\a5cccf86-07fd-48a4-a9cf-7cd44af85556.tmp.node
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\8643e452-b938-4f7e-b6f6-6c79c3287391.tmp.node
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\nsis-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4776Thread sleep count: 3944 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5588Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4776Thread sleep count: 286 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4932Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3184Thread sleep count: 3555 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5608Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6488Thread sleep count: 508 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3064Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6452Thread sleep count: 1308 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5648Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 988Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5028Thread sleep count: 2376 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6536Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5164Thread sleep count: 84 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3660Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4924Thread sleep count: 2388 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5588Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6924Thread sleep count: 89 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6796Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3568Thread sleep count: 645 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6776Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3756Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\nsis-installer.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeFile Volume queried: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeFile Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\nsis-installer.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller
Source: C:\Users\user\Desktop\nsis-installer.exeFile opened: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual Webcam
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (lines.indexOf('VRTUAL') >= 0 || lines.indexOf('A M I ') >= 0 || lines.indexOf('VirtualBox') >= 0 || lines.indexOf('VMWare') >= 0 || lines.indexOf('Xen') >= 0 || lines.indexOf('Parallels') >= 0) {
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
Source: nsis-installer.exe, 00000000.00000003.2342441523.0000000002DA4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdK
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'Hyper-V';
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: const stdout = execSync('dmesg 2>/dev/null | grep -iE "virtual|hypervisor" | grep -iE "vmware|qemu|kvm|xen" | grep -viE "Nested Virtualization|/virtual/"');
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('tcg') >= 0) { result = 'QEMU'; }
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (lines.indexOf('VMware') >= 0 && !result.virtualHost) {
Source: nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCamWebcamMax..\..\media\capture\video\video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: case 'vmware':
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (stdout.toString().toLowerCase().indexOf('vmware') >= 0 && !result.virtualHost) {
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model.startsWith('vmware')) { result.virtualHost = 'VMware'; }
Source: nsis-installer.exe, 00000000.00000003.2335886092.0000000002DAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f
Source: nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('qemu') >= 0) { result = 'QEMU'; }
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('vmware') || manufacturer.startsWith('qemu') || manufacturer === 'xen' || manufacturer.startsWith('parallels')) {
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('qemu')) { result.virtualHost = 'KVM'; }
Source: nsis-installer.exe, 00000000.00000003.2265396042.00000000050CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('vmware')) { result.virtualHost = 'VMware'; }
Source: nsis-installer.exe, 00000000.00000003.2335886092.0000000002DAC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f562
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (IsAndroid() && IsMaliT8xxOrOlder(functions)) || (IsAndroid() && IsMaliG31OrOlder(functions))
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'VMware';
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model === 'virtualbox' || model === 'kvm' || model === 'virtual machine' || model === 'bochs' || model.startsWith('vmware') || model.startsWith('qemu') || model.startsWith('parallels')) {
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (stdout.toString().toLowerCase().indexOf('qemu') >= 0 && !result.virtualHost) {
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (result.model.toLowerCase() === 'virtualbox' || result.model.toLowerCase() === 'kvm' || result.model.toLowerCase() === 'virtual machine' || result.model.toLowerCase() === 'bochs' || result.model.toLowerCase().startsWith('vmware') || result.model.toLowerCase().startsWith('droplet')) {
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model.startsWith('qemu')) { result.virtualHost = 'KVM'; }
Source: nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (result.manufacturer.toLowerCase().startsWith('vmware') || result.manufacturer.toLowerCase() === 'xen') {
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'QEMU';
Source: nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: nsis-installer.exe, 00000000.00000003.2342518948.0000000002DA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#Cd
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('vmware') >= 0) { result = 'VMware'; }
Source: nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (disksById.indexOf('_QEMU_') >= 0) {
Source: nsis-installer.exe, 00000000.00000003.2265396042.00000000050CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\nsis-installer.exeAPI call chain: ExitProcess graph end nodegraph_0-3407
Source: C:\Users\user\Desktop\nsis-installer.exeProcess information queried: ProcessInformation
Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeMemory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\nsis-installer.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=2144 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=1808 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=944 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "c:\users\user\appdata\local\programs\serenitytherapyinstaller\serenitytherapyinstaller.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\serenitytherapyinstaller" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "c:\users\user\appdata\local\programs\serenitytherapyinstaller\serenitytherapyinstaller.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\serenitytherapyinstaller" --mojo-platform-channel-handle=2144 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "c:\users\user\appdata\local\programs\serenitytherapyinstaller\serenitytherapyinstaller.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\serenitytherapyinstaller" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1912 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "c:\users\user\appdata\local\programs\serenitytherapyinstaller\serenitytherapyinstaller.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\serenitytherapyinstaller" --mojo-platform-channel-handle=1808 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "c:\users\user\appdata\local\programs\serenitytherapyinstaller\serenitytherapyinstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\serenitytherapyinstaller" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1908 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeProcess created: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe "c:\users\user\appdata\local\programs\serenitytherapyinstaller\serenitytherapyinstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\serenitytherapyinstaller" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=944 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_ProgmanWindowsDeleteStringWindowsCreateString
Source: SerenityTherapyInstaller.exe, 00000008.00000000.2365305161.0000000007205000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\resources\app.asar VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Windows\SysWOW64\cmd.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exeQueries volume information: C:\Users\user\AppData\Roaming\SerenityTherapyInstaller\Local State VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\nsis-installer.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe File attributes queried: C:\Users\user\AppData\Local\Discord
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe File attributes queried: C:\Users\user\AppData\Local\DiscordCanary
Source: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe File attributes queried: C:\Users\user\AppData\Local\DiscordPTB
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Windows Management Instrumentation (11); Command and Scripting Interpreter (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: DLL Side-Loading (1); Windows Service (1); Registry Run Keys / Startup Folder (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: DLL Side-Loading (1); Access Token Manipulation (1); Windows Service (1); Process Injection (12); Registry Run Keys / Startup Folder (1); RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: Disable or Modify Tools (1); Obfuscated Files or Information (1); Timestomp (1); DLL Side-Loading (1); Masquerading (11); Virtualization/Sandbox Evasion (131); Access Token Manipulation (1); Process Injection (12)
Credential Access: Input Capture (11); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: File and Directory Discovery (3); System Information Discovery (36); Security Software Discovery (111); Process Discovery (3); Virtualization/Sandbox Evasion (131); Application Window Discovery (1); Remote System Discovery (1); System Network Configuration Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: Archive Collected Data (1); Email Collection (1); Input Capture (11); Clipboard Data (1); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (3); Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
[Behavior graph: ID 1427113, Sample: nsis-installer.exe, Start date: 17/04/2024, Architecture: WINDOWS, Score: 76]
Nodes shown: nsis-installer.exe (drops SerenityTherapyInstaller.exe, nsis7z.dll, nsExec.dll and 17 other files, none malicious; starts cmd.exe); two SerenityTherapyInstaller.exe processes (each drops two .tmp.node PE32 files and starts powershell.exe, cmd.exe and 7 other processes); network endpoints ipinfo.io (34.117.186.192, port 443), chrome.cloudflare-dns.com (172.64.41.3, port 443), 162.159.61.3 (port 443) and illitmagnetic.site.

Source | Detection | Scanner | Label | Link
nsis-installer.exe | 38% | ReversingLabs | Win32.Trojan.Malgent |
nsis-installer.exe | 31% | Virustotal | | Browse
nsis-installer.exe | 100% | Avira | TR/Scar.rdobz |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe | 3% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libEGL.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\libGLESv2.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vk_swiftshader.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\vulkan-1.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\496db3a3-1a7f-4f1b-9fcf-efdaeed463f0.tmp.node | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\496db3a3-1a7f-4f1b-9fcf-efdaeed463f0.tmp.node | 7% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\8643e452-b938-4f7e-b6f6-6c79c3287391.tmp.node | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\8643e452-b938-4f7e-b6f6-6c79c3287391.tmp.node | 9% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\a5cccf86-07fd-48a4-a9cf-7cd44af85556.tmp.node | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\a5cccf86-07fd-48a4-a9cf-7cd44af85556.tmp.node | 7% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\e10a37c2-8429-4258-9cd3-d725395e8215.tmp.node | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\e10a37c2-8429-4258-9cd3-d725395e8215.tmp.node | 9% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\SerenityTherapyInstaller.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\SerenityTherapyInstaller.exe | 3% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\d3dcompiler_47.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\ffmpeg.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libEGL.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nss10B5.tmp\7z-out\libGLESv2.dll | 0% | Virustotal | | Browse
No Antivirus matches
Source | Detection | Scanner | Label | Link
chrome.cloudflare-dns.com | 0% | Virustotal | | Browse
illitmagnetic.site | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | unknown
ipinfo.io | 34.117.186.192 | true | false | | high
illitmagnetic.site | unknown | unknown | false | | unknown
                                                                            high
                                                                            https://c.docs.google.com/nsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://github.com/KhronosGroup/SPIRV-Headers.gitnsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetternsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.sqlite.org/src/info/908f001483982c43nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://tc39.es/ecma262/#sec-timeclipnsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://issuetracker.google.com/161903006nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://127.0.0.1nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalseunknown
                                                                                      https://crbug.com/1300575nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://github.com/nodejs/node/pull/33661nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.nongnu.org/freebangfont/downloads.html#muktinsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://crbug.com/710443nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          http://narwhaljs.org)nsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            low
                                                                                            http://istanbul-js.org/nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpfalseunknown
                                                                                            https://github.com/tensorflow/tflite-supportnsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://github.com/WICG/scheduling-apisnsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://sqlite.org/nsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://crbug.com/1060012nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://localhosthttp://127.0.0.1object-srcnsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    low
                                                                                                    https://code.google.com/p/chromium/issues/detail?id=25916nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://anglebug.com/3997nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://anglebug.com/4722nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://crbug.com/642605nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://fetch.spec.whatwg.org/#fetch-timing-infonsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://anglebug.com/1452nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://webassembly.github.io/spec/web-apinsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        unknown
                                                                                                        https://github.com/electron/electron/issues/18397.Modulensis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://github.com/nodejs/node/pull/12607nsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://www.ecma-international.org/ecma-262/#sec-line-terminatorsnsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.sqlite.org/nsis-installer.exe, 00000000.00000003.2203332099.00000000066D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtnsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://crbug.com/650547callClearTwiceUsingnsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://github.com/npm/node-tar/issues/183nsis-installer.exe, 00000000.00000003.2342035458.00000000050CD000.00000004.00000020.00020000.00000000.sdmp, nsis-installer.exe, 00000000.00000003.2203535595.0000000006AD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://html4/loose.dtdnsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      low
                                                                                                                      http://anglebug.com/3502nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://anglebug.com/3623nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://gitlab.freedesktop.org/xdg/xdgmimensis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://anglebug.com/3625nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://anglebug.com/3624nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://www.unicode.org/copyright.htmlnsis-installer.exe, 00000000.00000003.2185816773.0000000005CC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://beacons.gcp.gvt2.com/domainreliability/uploadnsis-installer.exe, 00000000.00000003.2261777652.000000000752F000.00000004.00001000.00020000.00000000.sdmpfalseunknown
                                                                                                                          http://anglebug.com/2894nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://anglebug.com/3862nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://anglebug.com/4836nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://issuetracker.google.com/issues/166475273nsis-installer.exe, 00000000.00000003.2210859270.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.nsis-installer.exe, 00000000.00000003.2261777652.00000000073D7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtomnsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructornsis-installer.exe, 00000000.00000003.2260879693.0000000006810000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://heycam.github.io/webidl/#es-iterable-entriesnsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://github.com/wasdk/wasmparsernsis-installer.exe, 00000000.00000003.2276494222.00000000050C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://heycam.github.io/webidl/#es-interfacesnsis-installer.exe, 00000000.00000003.2261150815.0000000006D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      https://sqlite.org/forum/forumpost/36937b197273d403nsis-installer.exe, 00000000.00000003.2203135466.00000000057C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        • No. of IPs < 25%
                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                        • 75% < No. of IPs
IP              Domain                     Country        ASN     ASN Name                               Malicious
34.117.186.192  ipinfo.io                  United States  139070  GOOGLE-AS-APGoogleAsiaPacificPteLtdSG  false
162.159.61.3    unknown                    United States  13335   CLOUDFLARENETUS                        false
172.64.41.3     chrome.cloudflare-dns.com  United States  13335   CLOUDFLARENETUS                        false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1427113
Start date and time:2024-04-17 02:04:07 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 13m 26s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:54
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:nsis-installer.exe
Detection:MAL
Classification:mal76.spyw.evad.winEXE@76/131@48/3
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 112
• Number of non-executed functions: 25
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 64.233.176.94, 172.217.215.94
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target powershell.exe, PID 5316 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Time      Type             Description
02:05:08  API Interceptor  6x Sleep call for process: nsis-installer.exe modified
02:05:25  API Interceptor  65x Sleep call for process: powershell.exe modified
02:05:25  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SerenityTherapyInstaller.lnk
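No context

Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | SenPalia Installer.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | SenPalia Installer.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | MariyelTherapy_Setup.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | MariyelTherapy_Setup.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | HealityTherapyInstall.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | HealityTherapyInstall.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | SecuriteInfo.com.Variant.Barys.382335.17800.17827.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | SecuriteInfo.com.Trojan.DownLoader45.55850.18837.22068.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | SecuriteInfo.com.Trojan.DownLoader45.55850.3832.1433.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\ffmpeg.dll | SecuriteInfo.com.Trojan.DownLoader45.55850.3832.1433.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | SenOg8gPgc.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | SenOg8gPgc.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | 8ubQTzsAqG.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | 8ubQTzsAqG.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | SenPalia Installer.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | SenPalia Installer.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | MariyelTherapy_Setup.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | MariyelTherapy_Setup.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | HealityTherapyInstall.exe | malicious | Unknown
C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\d3dcompiler_47.dll | HealityTherapyInstall.exe | malicious | Unknown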

Process: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
File Type: data
Category: dropped
Size (bytes): 65552
Entropy (8bit): 0.012637573583053192
Encrypted: false
SSDEEP: 3:RNlGlll/l/lXp9ZjrPBY0Bl/2zZP:RN0dPBY0Bol
MD5: FF6468020041A2905DFDF0F42E9CC291
SHA1: B5D7DA2398F1AB3ECC180310E0C404B6829454AC
SHA-256: 89FA303DDA0F3EE4EE70A6DBE66796F919253BB3A56B2E9C0299D31314743ECD
SHA-512: 96FCC5776D4DB4D4D73DFFCFD43E1276F778F5D9F1BDE74FF68B3C214E3F4502C944FF00B0E452AE01D6BB33B9900614EB9FE92B3FF2487C2DC702AC94D83421
Malicious: false

Process: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
File Type: ASCII text, with no line terminators
Category: modified
Size (bytes): 4
Entropy (8bit): 1.5
Encrypted: false
SSDEEP: 3:R:R
MD5: F49655F856ACB8884CC0ACE29216F511
SHA1: CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
SHA-256: 7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
SHA-512: 599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
Malicious: false
Preview: EERF

Process: C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
File Type: Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.03415300466731351
Encrypted: false
SSDEEP: 6:c9q0XXUEZ+lX1IbRtwDM6x3AlOeFYr22AwDM6x3AlOeFYr27tb2Hsqi:V6Q1Ib8DAl622AwDAl62l2i
MD5: E2990B60D015106F81DF00E12D51AFC7
SHA1: 1BCC62E3DA98C88B312D4A746675F3B15A6ED09B
SHA-256: 753610F18977E105FFE55B5227D2229F70EB53659CED4392AA3E9F599F9E9F27
SHA-512: 6B85F4A2880FAE42A8488BA3CBE13E74334C8FDDF8CA1EB305065E7EF81107D57EAEE4488A97825700C7B3843F62217BB1D296E59E6749058133399277508BE0
Malicious: false

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 2172
Entropy (8bit): 5.28954144644176
Encrypted: false
SSDEEP: 48:wUYNSU4xymI4RfoUeW+mZ9tK8NPQbHlvu1lfls5Ut5n:wBkHxvIIwLmZ2K4MQun
MD5: EDEA8ED896EC4B9891DB52A0841FA36F
SHA1: 5A9DA179EC08D83E36AB3CBCC7D88475B10B06EE
SHA-256: D9257A3AA49B9319035822C4C989C0DA1257EBDE9660429A3ADACD632B5B32F9
SHA-512: 6050A64881E8DB31C65C0B5FC29DC5D256125790317A7FFE9152C2E88AF325C98E9B36896D319045DBB0B036F29EA289EFC2915AE3FE49A2CCB7EC74AB117724
Malicious: false

Process: C:\Users\user\Desktop\nsis-installer.exe
File Type: ASCII text
Category: dropped
Size (bytes): 1096
Entropy (8bit): 5.13006727705212
Encrypted: false
SSDEEP: 24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
MD5: 4D42118D35941E0F664DDDBD83F633C5
SHA1: 2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
SHA-256: 5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
SHA-512: 3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
Malicious: false
Preview: Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN

Process: C:\Users\user\Desktop\nsis-installer.exe
File Type: HTML document, ASCII text
Category: dropped
Size (bytes): 8312662
Entropy (8bit): 4.705814170451806
Encrypted: false
SSDEEP: 24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
MD5: 312446EDF757F7E92AAD311F625CEF2A
SHA1: 91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
SHA-256: C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
SHA-512: DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
Malicious: false
Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138321408
                                                                                                                                                                                                                        Entropy (8bit):6.983404833838794
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1572864:m4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVb:/l/BkVVPBDgmPKa5Wnu3X7
                                                                                                                                                                                                                        MD5:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                        SHA1:359843B36A73C0D1D513B8684A2F83AF34CE96A2
                                                                                                                                                                                                                        SHA-256:DF4030369CA29744F74BC4932A4FFD0537D41796C9D913623DE0D6214EC39D91
                                                                                                                                                                                                                        SHA-512:BEF82D9FB46849489FB87E8C5DBDE7A86DDDF2A1DCE39E752A30992258C7E01C990384D918BE99B4F51B285E77CA6ADC820948CAB6BBD12140B4F806578C5817
                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."......"...h.......L|...........@.......................... w...........@.............................$.......h.....5.......................7..?..........................+......XO..............d...8...D........................text...B!.......".................. ..`.rdata..DWK..@...XK..&..............@..@.data.....=..........~..............@....00cfg........5......j..............@..@.rodata.`.....5......l.............. ..`.tls..........5......v..............@...CPADinfo(.....5......x..............@...malloc_hL.....5......z.............. ..`.rsrc.........5.....................@..@.reloc...?...7...?.................@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):127125
                                                                                                                                                                                                                        Entropy (8bit):7.915612661029362
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                        MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                                                                        SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                                                                        SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                                                                        SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):177406
                                                                                                                                                                                                                        Entropy (8bit):7.939611912805236
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                                                                        MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                                                                        SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                                                                        SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                                                                        SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4127200
                                                                                                                                                                                                                        Entropy (8bit):6.577665867424953
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
                                                                                                                                                                                                                        MD5:3B4647BCB9FEB591C2C05D1A606ED988
                                                                                                                                                                                                                        SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
                                                                                                                                                                                                                        SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
                                                                                                                                                                                                                        SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: SenOg8gPgc.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: 8ubQTzsAqG.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: SenPalia Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: MariyelTherapy_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: HealityTherapyInstall.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!7P.OdP.OdP.Od..NeR.OdP.Nd..OdY..dU.Od.Jem.Od.KeQ.Od...dQ.Od..Leo.Od..Je..Od..OeQ.Od..Ge..Od..Kec.Od...dQ.Od..MeQ.OdRichP.Od................PE..L..................!.....2<..*...............P<...............................?.......?...@A.........................<<.u.....=.P.....=.@.............>..%....=.........T....................u..........@.............=..............................text...e0<......2<................. ..`.data...`"...P<......6<.............@....idata........=.......<.............@..@.rsrc...@.....=.......<.............@..@.reloc........=.......<.............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2577408
                                                                                                                                                                                                                        Entropy (8bit):6.874677747990032
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
                                                                                                                                                                                                                        MD5:1BB0E1140EF08440AD47D80B70DBF742
                                                                                                                                                                                                                        SHA1:C2E4243BAD76B465B5AB39865AC023DB1632D6B0
                                                                                                                                                                                                                        SHA-256:C0D9EDDE3864D9450744F4BC526A98608B629AEED01C6647F600802E1B1CF671
                                                                                                                                                                                                                        SHA-512:29D71E3BD7DF7014A03E26CA6EE5B59FF6E3D06096742FAE5DEC6282ABD1F0D2F24C886A503E3A691D38CC68E0DA504A7F657DCEC4758B640A1A523D3EEAA57A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: SenPalia Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: MariyelTherapy_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: HealityTherapyInstall.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: SecuriteInfo.com.Variant.Barys.382335.17800.17827.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: SecuriteInfo.com.Trojan.DownLoader45.55850.18837.22068.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        • Filename: SecuriteInfo.com.Trojan.DownLoader45.55850.3832.1433.exe, Detection: malicious, Browse
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!................p........................................@=...........@A.........................+&......1&.(............................`<.(...l.%.......................%.....@...............l3&..............................text...7........................... ..`.rdata..T...........................@..@.data........p&......X&.............@....00cfg.......@<......t&.............@..@.tls.........P<......v&.............@....reloc..(....`<......x&.............@..B........................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10542048
                                                                                                                                                                                                                        Entropy (8bit):6.277141340322909
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                                                                        MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                                                                        SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                                                                        SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                                                                        SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):380416
                                                                                                                                                                                                                        Entropy (8bit):6.587105864412105
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
                                                                                                                                                                                                                        MD5:E0A5D1A5D55DFFB55513ACB736CEF1C1
                                                                                                                                                                                                                        SHA1:307FC023790AF5BF3D45678DE985E8E9F34896F7
                                                                                                                                                                                                                        SHA-256:AA5DA4005C76CFE5195B69282B2AD249D7DC2300BBC979592BD67315FC30C669
                                                                                                                                                                                                                        SHA-512:094E23869FD42C60F83E0F4D1A2CD1A29D2EFD805AC02A01CE9700B8E7B0E39E52FE86503264A0298C85F0D02B38620F1E773F2EA981F3049AEBA3104B04253F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6685696
                                                                                                                                                                                                                        Entropy (8bit):6.815311523896318
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
                                                                                                                                                                                                                        MD5:44F7C21B6010048E0DCDC43D83EBD357
                                                                                                                                                                                                                        SHA1:D0A4DFD8DBAE1A8421C3043315D78ECD84502B16
                                                                                                                                                                                                                        SHA-256:F6259A9B9C284EE5916447DD9D0BA051C2908C9D3662D42D8BBE6CE6D65A37DE
                                                                                                                                                                                                                        SHA-512:7E03538DD8E798D0E808A8FC6E149E83DE9F8404E839900F6C9535DA6AAC8EF4D5C31044E547DDE34DCECE1255FAB9A9255FA069A99FCB08E49785D812B3887C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):377708
                                                                                                                                                                                                                        Entropy (8bit):5.4079285675542845
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                                                                        MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                                                                        SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                                                                        SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                                                                        SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):613642
                                                                                                                                                                                                                        Entropy (8bit):4.894733266944232
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                                                                        MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                                                                        SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                                                                        SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                                                                        SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):671738
                                                                                                                                                                                                                        Entropy (8bit):4.903433286644294
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                                                                        MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                                                                        SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                                                                        SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                                                                        SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):701716
                                                                                                                                                                                                                        Entropy (8bit):4.66095894344634
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                                                                        MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                                                                        SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                                                                        SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                                                                        SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):904943
                                                                                                                                                                                                                        Entropy (8bit):4.273773274227575
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                                                                        MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                                                                        SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                                                                        SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                                                                        SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):426906
                                                                                                                                                                                                                        Entropy (8bit):5.400864409916039
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                                                                        MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                                                                        SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                                                                        SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                                                                        SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5245458
                                                                                                                                                                                                                        Entropy (8bit):7.995476669559971
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                                                                        MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                                                                        SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                                                                        SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                                                                        SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):220112
                                                                                                                                                                                                                        Entropy (8bit):3.855980291560132
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:PCwB4XM5LZsfo0p7SnaCCz3wqTYLmN6hdSajAvDGc/dH4WBlkwHvwi0UQn1nWIa3:KwNsf5PBt
                                                                                                                                                                                                                        MD5:916127734BC7C5B0DB478191A37FC19A
                                                                                                                                                                                                                        SHA1:F9D868C2578F14513FCB95E109AEC795C98DBBA3
                                                                                                                                                                                                                        SHA-256:E19ED7FB96E19BB5BFE791DF03561D654EA5D52021C3403A2652F439A8D77801
                                                                                                                                                                                                                        SHA-512:D291B26568572D5777B036577DDF30C1B6C6C41E9D53EF2D8AF735DB001EA5C568371F3907FBFFC02FEEE628F0F29AFB718AE5DEB32FF245A37947A7B1B9C297
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):523336
                                                                                                                                                                                                                        Entropy (8bit):5.1733870178138
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:51ZU4IFZ/X+KBIViMMg8zYOK8B4UnK83ItBaUHK:nZaZ/OiY2BnrUAF
                                                                                                                                                                                                                        MD5:4F4D00247758C684C295243DDEDD2948
                                                                                                                                                                                                                        SHA1:F8E8FC6C22FDE9DF1D60C329E38B38A85F96BB69
                                                                                                                                                                                                                        SHA-256:4EA84C4465EEA20B46E6DED30F711F1E0D61E15574D861B0210819ABD5E895E5
                                                                                                                                                                                                                        SHA-512:2C335672979114BD68FF6F1B1B94235FBF072FE8642CAD1F7D61855B92741F0633FA0CCB77CD520BE560DB2D3AC75F9BE08E22806487BF5D3045781E3903AD45
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4691456
                                                                                                                                                                                                                        Entropy (8bit):6.674054781171017
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
                                                                                                                                                                                                                        MD5:65A5705D95A0820740B3396851FF1751
                                                                                                                                                                                                                        SHA1:A692A80BAFC41BA1B29EF19890F8465B3FB20DCB
                                                                                                                                                                                                                        SHA-256:4C4B935CBB320033F504A89B1EB0A4BCB176BBD46A5981153CB1F54DEB146A1C
                                                                                                                                                                                                                        SHA-512:0C5DF23B96EAF952C4A498FF6D854DF2B62E7631B16C2855ED37DDBADFFBA3DD52E7450F2E06CF094BEC2E0D70D14C87A652150766D90EC8662E03123DF5942D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):804864
                                                                                                                                                                                                                        Entropy (8bit):6.7728821881501
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
                                                                                                                                                                                                                        MD5:A947C5D8FEC95A0F24B4143CED301209
                                                                                                                                                                                                                        SHA1:EBF3089985377A58B8431A14E22A814857287AAF
                                                                                                                                                                                                                        SHA-256:29CB256921A1B0F222C82650469D534CCDF038D1F395B3AAA9F1086918F5D3FA
                                                                                                                                                                                                                        SHA-512:75F5E055F4422B5558FC1CB3EA84FB7CBEAAE6F71C786CC06C295D4AB51C0B1C84E28A7C89FE544F007DBE8E612BED4059139F1575934FE4BAC8E538C674EBD3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):97792
                                                                                                                                                                                                                        Entropy (8bit):6.296405180836683
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:iZ7jVavjhGcYS3/OHs+6Lzmg1KWMwrBs8WF8/ZXdPKynsW7cdRY4q1EBZQctGX:iravjhGcYSPl+6LX1KWB/LShRYiBukGX
                                                                                                                                                                                                                        MD5:33D630BC67B4ED80F42CCA1683333DB8
                                                                                                                                                                                                                        SHA1:6FDC5E0EED7748B6090A3B617891F234E3849918
                                                                                                                                                                                                                        SHA-256:4902D4F3A75B44B58130A696041B1C9D38F81E5625F5484D3EFFC65F03451A3E
                                                                                                                                                                                                                        SHA-512:643012C8C053497B48670C0E5A207C8EC7736FAE3C3061A66EB1ECED88FE77772272F0086852CD4E956E8D6D61CD1D90D275A66E6261ED2B42E735B1E06DC23C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 7%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1596416
                                                                                                                                                                                                                        Entropy (8bit):6.7441713301924455
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:hNZHyYJJhiA2bn2FBR4ynyowTFasl6UULOumD16klKFDRpvO4ZeXQlkuev2AFkL:LZT32b6tC14FDRpvOMevFk
                                                                                                                                                                                                                        MD5:3B110985C6183E6484DD5CC9223934C5
                                                                                                                                                                                                                        SHA1:EA9E2C108B25AF5452F6E5600680B4F711E73FAF
                                                                                                                                                                                                                        SHA-256:D9AFF04F4618B6302B60D11F849DB2FF02044B177A72AD2588ABC3C3CDD6EB78
                                                                                                                                                                                                                        SHA-512:B9B9AD7145931A6422D417CB8BCA27BB2AE8FA759C12AE4577A161C65F172987292A58DDFB5AE75000EA1AA1363A339A3868AFC945AD643A16D30E781B8013AF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 9%, Browse
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):97792
                                                                                                                                                                                                                        Entropy (8bit):6.296405180836683
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:iZ7jVavjhGcYS3/OHs+6Lzmg1KWMwrBs8WF8/ZXdPKynsW7cdRY4q1EBZQctGX:iravjhGcYSPl+6LX1KWB/LShRYiBukGX
                                                                                                                                                                                                                        MD5:33D630BC67B4ED80F42CCA1683333DB8
                                                                                                                                                                                                                        SHA1:6FDC5E0EED7748B6090A3B617891F234E3849918
                                                                                                                                                                                                                        SHA-256:4902D4F3A75B44B58130A696041B1C9D38F81E5625F5484D3EFFC65F03451A3E
                                                                                                                                                                                                                        SHA-512:643012C8C053497B48670C0E5A207C8EC7736FAE3C3061A66EB1ECED88FE77772272F0086852CD4E956E8D6D61CD1D90D275A66E6261ED2B42E735B1E06DC23C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 7%, Browse
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b..1..1..1...0..1...0n..1...0...1$'.1..1$'.0...1$'.0...1$'.0...1...0..1..1...1.$.0..1.$.1..1.$.0..1Rich..1........PE..L...8B.f...........!...'.............<....................................................@..................................g..<....................................Q..p............................L..@...............,...(b..@....................text...o........................... ..`.rdata..tn.......p..................@..@.data...P....p.......\..............@....rsrc................h..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):1596416
                                                                                                                                                                                                                        Entropy (8bit):6.7441713301924455
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:hNZHyYJJhiA2bn2FBR4ynyowTFasl6UULOumD16klKFDRpvO4ZeXQlkuev2AFkL:LZT32b6tC14FDRpvOMevFk
                                                                                                                                                                                                                        MD5:3B110985C6183E6484DD5CC9223934C5
                                                                                                                                                                                                                        SHA1:EA9E2C108B25AF5452F6E5600680B4F711E73FAF
                                                                                                                                                                                                                        SHA-256:D9AFF04F4618B6302B60D11F849DB2FF02044B177A72AD2588ABC3C3CDD6EB78
                                                                                                                                                                                                                        SHA-512:B9B9AD7145931A6422D417CB8BCA27BB2AE8FA759C12AE4577A161C65F172987292A58DDFB5AE75000EA1AA1363A339A3868AFC945AD643A16D30E781B8013AF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 9%, Browse
                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................|......./H...../H...../H.............!...K......Kq.....K.....Rich...........................PE..L...cB.f...........!...'.....~...........................................................@..................................r..(..................................`*..p...........................0...@....................h..@....................text............................... ..`.rdata..j}.......~..................@..@.data....<.......0...j..............@....rsrc...............................@..@.reloc.............................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8312662
                                                                                                                                                                                                                        Entropy (8bit):4.705814170451806
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                                                                        MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                                                                        SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                                                                        SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                                                                        SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):138321408
                                                                                                                                                                                                                        Entropy (8bit):6.983404833838794
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1572864:m4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVb:/l/BkVVPBDgmPKa5Wnu3X7
                                                                                                                                                                                                                        MD5:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                        SHA1:359843B36A73C0D1D513B8684A2F83AF34CE96A2
                                                                                                                                                                                                                        SHA-256:DF4030369CA29744F74BC4932A4FFD0537D41796C9D913623DE0D6214EC39D91
                                                                                                                                                                                                                        SHA-512:BEF82D9FB46849489FB87E8C5DBDE7A86DDDF2A1DCE39E752A30992258C7E01C990384D918BE99B4F51B285E77CA6ADC820948CAB6BBD12140B4F806578C5817
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):127125
                                                                                                                                                                                                                        Entropy (8bit):7.915612661029362
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                        MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                                                                        SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                                                                        SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                                                                        SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):177406
                                                                                                                                                                                                                        Entropy (8bit):7.939611912805236
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                                                                        MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                                                                        SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                                                                        SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                                                                        SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4127200
                                                                                                                                                                                                                        Entropy (8bit):6.577665867424953
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
                                                                                                                                                                                                                        MD5:3B4647BCB9FEB591C2C05D1A606ED988
                                                                                                                                                                                                                        SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
                                                                                                                                                                                                                        SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
                                                                                                                                                                                                                        SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2577408
                                                                                                                                                                                                                        Entropy (8bit):6.874677747990032
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
                                                                                                                                                                                                                        MD5:1BB0E1140EF08440AD47D80B70DBF742
                                                                                                                                                                                                                        SHA1:C2E4243BAD76B465B5AB39865AC023DB1632D6B0
                                                                                                                                                                                                                        SHA-256:C0D9EDDE3864D9450744F4BC526A98608B629AEED01C6647F600802E1B1CF671
                                                                                                                                                                                                                        SHA-512:29D71E3BD7DF7014A03E26CA6EE5B59FF6E3D06096742FAE5DEC6282ABD1F0D2F24C886A503E3A691D38CC68E0DA504A7F657DCEC4758B640A1A523D3EEAA57A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10542048
                                                                                                                                                                                                                        Entropy (8bit):6.277141340322909
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                                                                        MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                                                                        SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                                                                        SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                                                                        SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):380416
                                                                                                                                                                                                                        Entropy (8bit):6.587105864412105
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
                                                                                                                                                                                                                        MD5:E0A5D1A5D55DFFB55513ACB736CEF1C1
                                                                                                                                                                                                                        SHA1:307FC023790AF5BF3D45678DE985E8E9F34896F7
                                                                                                                                                                                                                        SHA-256:AA5DA4005C76CFE5195B69282B2AD249D7DC2300BBC979592BD67315FC30C669
                                                                                                                                                                                                                        SHA-512:094E23869FD42C60F83E0F4D1A2CD1A29D2EFD805AC02A01CE9700B8E7B0E39E52FE86503264A0298C85F0D02B38620F1E773F2EA981F3049AEBA3104B04253F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....h...b...............................................@............@A........................0;......FI..(.......x.......................P@..@........................-.......................J..`............................text....f.......h.................. ..`.rdata...............l..............@..@.data...d3...........f..............@....00cfg..............................@..@.tls................................@....rsrc...x...........................@..@.reloc..P@.......B..................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6685696
                                                                                                                                                                                                                        Entropy (8bit):6.815311523896318
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
                                                                                                                                                                                                                        MD5:44F7C21B6010048E0DCDC43D83EBD357
                                                                                                                                                                                                                        SHA1:D0A4DFD8DBAE1A8421C3043315D78ECD84502B16
                                                                                                                                                                                                                        SHA-256:F6259A9B9C284EE5916447DD9D0BA051C2908C9D3662D42D8BBE6CE6D65A37DE
                                                                                                                                                                                                                        SHA-512:7E03538DD8E798D0E808A8FC6E149E83DE9F8404E839900F6C9535DA6AAC8EF4D5C31044E547DDE34DCECE1255FAB9A9255FA069A99FCB08E49785D812B3887C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!......M.........`<C.......................................f...........@A..........................^.....r._.d.....b.......................b.t...,0^....................../^.....P.N..............._.8....^.@....................text...J.M.......M................. ..`.rdata..<.....N.......M.............@..@.data...<....._..(...._.............@....00cfg.......pb.......a.............@..@.tls..........b.......a.............@....rsrc.........b.......a.............@..@.reloc..t.....b.......a.............@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):377708
                                                                                                                                                                                                                        Entropy (8bit):5.4079285675542845
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                                                                        MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                                                                        SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                                                                        SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                                                                        SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):613642
                                                                                                                                                                                                                        Entropy (8bit):4.894733266944232
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                                                                        MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                                                                        SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                                                                        SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                                                                        SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):671738
                                                                                                                                                                                                                        Entropy (8bit):4.903433286644294
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                                                                        MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                                                                        SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                                                                        SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                                                                        SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):701716
                                                                                                                                                                                                                        Entropy (8bit):4.66095894344634
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                                                                        MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                                                                        SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                                                                        SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                                                                        SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):904943
                                                                                                                                                                                                                        Entropy (8bit):4.273773274227575
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                                                                        MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                                                                        SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                                                                        SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                                                                        SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):426906
                                                                                                                                                                                                                        Entropy (8bit):5.400864409916039
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                                                                        MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                                                                        SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                                                                        SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                                                                        SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):436202
                                                                                                                                                                                                                        Entropy (8bit):5.843819816549512
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:U4ftEfqE2jv7ShUjBA59wjd558YAGKND9Gto8QV:U41HE2jjShqywjd558YAbNDcI
                                                                                                                                                                                                                        MD5:04A680847C4A66AD9F0A88FB9FB1FC7B
                                                                                                                                                                                                                        SHA1:2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1
                                                                                                                                                                                                                        SHA-256:1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
                                                                                                                                                                                                                        SHA-512:3A8A409A3C34149A977DEA8A4CB0E0822281AED2B0A75B02479C95109D7D51F6FB2C2772CCF1486CA4296A0AC2212094098F5CE6A1265FA6A7EB941C0CFEF83E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):396104
                                                                                                                                                                                                                        Entropy (8bit):5.454826678090317
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Q3rSn4RJ28687mlwlGXaJwZkqEb1Phv6VP5yarXGzOJixhd4/TWwS:eND/xqkqEO5nrFTq
                                                                                                                                                                                                                        MD5:1A53D374B9C37F795A462AAC7A3F118F
                                                                                                                                                                                                                        SHA1:154BE9CF05042ECED098A20FF52FA174798E1FEA
                                                                                                                                                                                                                        SHA-256:D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
                                                                                                                                                                                                                        SHA-512:395279C9246BD30A0E45D775D9F9C36353BD11D9463282661C2ABD876BDB53BE9C9B617BB0C2186592CD154E9353EA39E3FEED6B21A07B6850AB8ECD57E1ED29
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):424277
                                                                                                                                                                                                                        Entropy (8bit):5.503137231857292
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:TFigju3qg4wajEzUKnYm31SOmhqYl51gHNiOIkCJD:TFiecqg1aqHSOu599kCJD
                                                                                                                                                                                                                        MD5:8E6654B89ED4C1DC02E1E2D06764805A
                                                                                                                                                                                                                        SHA1:FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8
                                                                                                                                                                                                                        SHA-256:61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
                                                                                                                                                                                                                        SHA-512:5AC71EDA16F07F3F2B939891EDA2969C443440350FD88AB3A9B3180B8B1A3ECB11E79E752CF201F21B3DBFBA00BCC2E4F796F347E6137A165C081E86D970EE61
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):769050
                                                                                                                                                                                                                        Entropy (8bit):4.75072843480339
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:H/58dBquNw2202pgtZSWjZ4LIbsJvaP5A3HKQiEQBR07391qf2utKMaBlS9WffFR:H8BquNw2202pgtsWjyLrJvaRA3HtiEQG
                                                                                                                                                                                                                        MD5:9528D21E8A3F5BAD7CA273999012EBE8
                                                                                                                                                                                                                        SHA1:58CD673CE472F3F2F961CF8B69B0C8B8C01D457C
                                                                                                                                                                                                                        SHA-256:E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
                                                                                                                                                                                                                        SHA-512:165822C49CE0BDB82F3C3221E6725DAC70F53CFDAD722407A508FA29605BC669FB5E5070F825F02D830E0487B28925644438305372A366A3D60B55DA039633D7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):344606
                                                                                                                                                                                                                        Entropy (8bit):5.5169703217013675
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:80kjE55JcUnMP9egFXwqfaYnT9Xa5alSeBNdg:80kQJZnM1XwWT05YScg
                                                                                                                                                                                                                        MD5:D59E613E8F17BDAFD00E0E31E1520D1F
                                                                                                                                                                                                                        SHA1:529017D57C4EFED1D768AB52E5A2BC929FDFB97C
                                                                                                                                                                                                                        SHA-256:90E585F101CF0BB77091A9A9A28812694CEE708421CE4908302BBD1BC24AC6FD
                                                                                                                                                                                                                        SHA-512:29FF3D42E5D0229F3F17BC0ED6576C147D5C61CE2BD9A2E658A222B75D993230DE3CE35CA6B06F5AFA9EA44CFC67817A30A87F4FAF8DC3A5C883B6EE30F87210
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):347111
                                                                                                                                                                                                                        Entropy (8bit):5.508989875739037
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:xiLqIY2MuZYLMMP9ecGmM8faYdY4K55TiSbn8vMwS:xiLqIp34MM+mM0Y55eSKMwS
                                                                                                                                                                                                                        MD5:5E3813E616A101E4A169B05F40879A62
                                                                                                                                                                                                                        SHA1:615E4D94F69625DDA81DFAEC7F14E9EE320A2884
                                                                                                                                                                                                                        SHA-256:4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
                                                                                                                                                                                                                        SHA-512:764A271A9CFB674CCE41EE7AED0AD75F640CE869EFD3C865D1B2D046C9638F4E8D9863A386EBA098F5DCEDD20EA98BAD8BCA158B68EB4BDD606D683F31227594
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):421147
                                                                                                                                                                                                                        Entropy (8bit):5.3798866108688905
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:34e5fql0vt1s9zjzVMY/6+yN9d8piKkGp2Ioiw/QbuOXV5blUB0GLF96RRIHKxgY:34e5Sktm92Yfhpjq+5wLF96oSdc4
                                                                                                                                                                                                                        MD5:7F6696CC1E71F84D9EC24E9DC7BD6345
                                                                                                                                                                                                                        SHA1:36C1C44404EE48FC742B79173F2C7699E1E0301F
                                                                                                                                                                                                                        SHA-256:D1F17508F3A0106848C48A240D49A943130B14BD0FEB5ED7AE89605C7B7017D1
                                                                                                                                                                                                                        SHA-512:B226F94F00978F87B7915004A13CDBD23DE2401A8AFAA2517498538967DF89B735F8ECC46870C92E3022CAC795218A60AD2B8FFF1EFAD9FEEA4EC193704A568A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):421332
                                                                                                                                                                                                                        Entropy (8bit):5.349883254359391
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:fILAyMcQXU0+/3IgsC5pN+v6Idj3J5Orj7FQoz7L66PZqS:ALAyNQCsupUv6gj3J5OrmoznGS
                                                                                                                                                                                                                        MD5:A36992D320A88002697DA97CD6A4F251
                                                                                                                                                                                                                        SHA1:C1F88F391A40CCF2B8A7B5689320C63D6D42935F
                                                                                                                                                                                                                        SHA-256:C5566B661675B613D69A507CBF98768BC6305B80E6893DC59651A4BE4263F39D
                                                                                                                                                                                                                        SHA-512:9719709229A4E8F63247B3EFE004ECFEB5127F5A885234A5F78EE2B368F9E6C44EB68A071E26086E02AA0E61798B7E7B9311D35725D3409FFC0E740F3AA3B9B5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):380687
                                                                                                                                                                                                                        Entropy (8bit):5.464870724176939
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:2Mg++J/xRN0JLnrC4HFJbT/RauiQ/G5LjR43f7LQkPQW:2MmJnq7DG5LjQ
                                                                                                                                                                                                                        MD5:A94E1775F91EA8622F82AE5AB5BA6765
                                                                                                                                                                                                                        SHA1:FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB
                                                                                                                                                                                                                        SHA-256:1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
                                                                                                                                                                                                                        SHA-512:A2575D2BD50494310E8EF9C77D6C1749420DFBE17A91D724984DF025C47601976AF7D971ECAE988C99723D53F240E1A6B3B7650A17F3B845E3DAEEFAAF9FE9B9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):622184
                                                                                                                                                                                                                        Entropy (8bit):5.029655615738747
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:Kxw5iX9nuyaXTfwHxwNUWGOGfStQEvy1zeItDmNtua/1wMTAKzIxRAQiHedNu36/:Kxw5YuyaXTfwRwNUWGOGfStQEvy1zeIR
                                                                                                                                                                                                                        MD5:9D273AF70EAFD1B5D41F157DBFB94FDC
                                                                                                                                                                                                                        SHA1:DA98BDE34B59976D4514FF518BD977A713EA4F2E
                                                                                                                                                                                                                        SHA-256:319D1E20150D4E3F496309BA82FCE850E91378EE4B0C7119A003A510B14F878B
                                                                                                                                                                                                                        SHA-512:0A892071BEA92CC7F1A914654BC4F9DA6B9C08E3CB29BB41E9094F6120DDC7A08A257C0D2B475C98E7CDCF604830E582CF2A538CC184056207F196FFC43F29AD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):389118
                                                                                                                                                                                                                        Entropy (8bit):5.427253181023048
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:nEbM+RtZ9eC6cMkohGZxGseSFOE/xaWEkLl5W5ucHiEi18OWUcrOShPGNgX1wL2:V+/upPgZxaS5W5xHiEi18OWUsU2
                                                                                                                                                                                                                        MD5:D4B776267EFEBDCB279162C213F3DB22
                                                                                                                                                                                                                        SHA1:7236108AF9E293C8341C17539AA3F0751000860A
                                                                                                                                                                                                                        SHA-256:297E3647EAF9B3B95CF833D88239919E371E74CC345A2E48A5033EBE477CD54E
                                                                                                                                                                                                                        SHA-512:1DC7D966D12E0104AACB300FD4E94A88587A347DB35AD2327A046EF833FB354FD9CBE31720B6476DB6C01CFCB90B4B98CE3CD995E816210B1438A13006624E8F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):438088
                                                                                                                                                                                                                        Entropy (8bit):5.195613019166525
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:2zHaVyEDQV5aZrU+5xeuhGjZ3ZmA58Pm+7JATvy8:2zNMdU4XA5Imb
                                                                                                                                                                                                                        MD5:3165351C55E3408EAA7B661FA9DC8924
                                                                                                                                                                                                                        SHA1:181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B
                                                                                                                                                                                                                        SHA-256:2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
                                                                                                                                                                                                                        SHA-512:3B1944EA3CFCBE98D4CE390EA3A8FF1F6730EB8054E282869308EFE91A9DDCD118290568C1FC83BD80E8951C4E70A451E984C27B400F2BDE8053EA25B9620655
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):454982
                                                                                                                                                                                                                        Entropy (8bit):5.385096169417585
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:07bju28t6QuagV1ZztzYpZ4MYnYM/LDBW5Mx0q20wCbKZL3wfzkCh1f/5FEs6rYr:6JVzbf55Z
                                                                                                                                                                                                                        MD5:0BF28AFF31E8887E27C4CD96D3069816
                                                                                                                                                                                                                        SHA1:B5313CF6B5FBCE7E97E32727A3FAE58B0F2F5E97
                                                                                                                                                                                                                        SHA-256:2E1D413442DEF9CAE2D93612E3FD04F3AFAF3DD61E4ED7F86400D320AF5500C2
                                                                                                                                                                                                                        SHA-512:95172B3B1153B31FCEB4B53681635A881457723CD1000562463D2F24712267B209B3588C085B89C985476C82D9C27319CB6378619889379DA4FAE1595CB11992
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):879149
                                                                                                                                                                                                                        Entropy (8bit):4.32399215971305
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:Xz2UMY57hmdUoITsKMaWZKerbtsMhmksd4M+0+z20QmuOAl5VpvoxWnhygfZw/gQ:D2UMY57h9w4MSbsp5cLhdKE8
                                                                                                                                                                                                                        MD5:7B5F52F72D3A93F76337D5CF3168EBD1
                                                                                                                                                                                                                        SHA1:00D444B5A7F73F566E98ABADF867E6BB27433091
                                                                                                                                                                                                                        SHA-256:798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
                                                                                                                                                                                                                        SHA-512:10C6F4FAAB8CCB930228C1D9302472D0752BE19AF068EC5917249675B40F22AB24C3E29EC3264062826113B966C401046CFF70D91E7E05D8AADCC0B4E07FEC9B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):544193
                                                                                                                                                                                                                        Entropy (8bit):4.6265566170608325
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:DczykRrlOUmTU2/S9iyBZ60DAf1X2VeQCap4M52QoLpMzu5flmd9DnwWHQgZ:+F55VoQ
                                                                                                                                                                                                                        MD5:6D787DC113ADFB6A539674AF7D6195DB
                                                                                                                                                                                                                        SHA1:F966461049D54C61CDD1E48EF1EA0D3330177768
                                                                                                                                                                                                                        SHA-256:A976FAD1CC4EB29709018C5FFCC310793A7CEB2E69C806454717CCAE9CBC4D21
                                                                                                                                                                                                                        SHA-512:6748DAD2813FC544B50DDEA0481B5ACE3EB5055FB2D985CA357403D3B799618D051051B560C4151492928D6D40FCE9BB33B167217C020BDCC3ED4CAE58F6B676
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):921748
                                                                                                                                                                                                                        Entropy (8bit):4.3093889077968495
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:zGFGsUtYgPLdROwJgdkFSvf4QAEm5dmGhsYK/GR3TX4/NMdpqdYnLsuFQdXPtg8y:zGEAgT/Zu5J57JtK
                                                                                                                                                                                                                        MD5:1766A05BE4DC634B3321B5B8A142C671
                                                                                                                                                                                                                        SHA1:B959BCADC3724AE28B5FE141F3B497F51D1E28CF
                                                                                                                                                                                                                        SHA-256:0EEE8E751B5B0AF1E226106BEB09477634F9F80774FF30894C0F5A12B925AC35
                                                                                                                                                                                                                        SHA-512:FAEC1D6166133674A56B5E38A68F9E235155CC910B5CCEB3985981B123CC29EDA4CD60B9313AB787EC0A8F73BF715299D9BF068E4D52B766A7AB8808BD146A39
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):423481
                                                                                                                                                                                                                        Entropy (8bit):5.516218200944141
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:yL0fCmEZW/FhjNmvgVRTKBOS+/6ocIG0uPXuyAF6WI6DkYAiKbeM/ogQbn7xjemW:QYCmNLjN3pV5v5tE77ORS
                                                                                                                                                                                                                        MD5:8F9498D18D90477AD24EA01A97370B08
                                                                                                                                                                                                                        SHA1:3868791B549FC7369AB90CD27684F129EBD628BE
                                                                                                                                                                                                                        SHA-256:846943F77A425F3885689DCF12D62951C5B7646E68EADC533B8B5C2A1373F02E
                                                                                                                                                                                                                        SHA-512:3C66A84592DEBE522F26C48B55C04198AD8A16C0DCFA05816825656C76C1C6CCCF5767B009F20ECB77D5A589EE44B0A0011EC197FEC720168A6C72C71EBF77FD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):456789
                                                                                                                                                                                                                        Entropy (8bit):5.643595706627357
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:SGAK2lkJ2gSSSfLOAYkky1MV5QgsZfGRAxY62R9PSam7EEOEeLvx5gR4RStG2r2/:pAKWkJ2gSsAkV5QgsiR4747vx5VL/
                                                                                                                                                                                                                        MD5:F5E1CA8A14C75C6F62D4BFF34E27DDB5
                                                                                                                                                                                                                        SHA1:7ABA6BFF18BDC4C477DA603184D74F054805C78F
                                                                                                                                                                                                                        SHA-256:C0043D9FA0B841DA00EC1672D60015804D882D4765A62B6483F2294C3C5B83E0
                                                                                                                                                                                                                        SHA-512:1050F96F4F79F681B3EAF4012EC0E287C5067B75BA7A2CBE89D9B380C07698099B156A0EB2CBC5B8AA336D2DAA98E457B089935B534C4D6636987E7E7E32B169
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):373937
                                                                                                                                                                                                                        Entropy (8bit):5.37852966615304
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Fl9jv1p49ahfjDVnjHFsRmP28Wvr5PdhpvtEDSVsEaOq:FlLpblVnjHFCm+8Sr5Pdhzq
                                                                                                                                                                                                                        MD5:7B39423028DA71B4E776429BB4F27122
                                                                                                                                                                                                                        SHA1:CB052AB5F734D7A74A160594B25F8A71669C38F2
                                                                                                                                                                                                                        SHA-256:3D95C5819F57A0AD06A118A07E0B5D821032EDCF622DF9B10A09DA9AA974885F
                                                                                                                                                                                                                        SHA-512:E40679B01AB14B6C8DFDCE588F3B47BCAFF55DBB1539B343F611B3FCBD1D0E7D8C347A2B928215A629F97E5F68D19C51AF775EC27C6F906CAC131BEAE646CE1A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):414412
                                                                                                                                                                                                                        Entropy (8bit):5.287149423624235
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:8cPuDjrpxctogSrqRrhsO11RT9TeexAGTL6+q2WKLV9fLwY+25OM388HrmwGWNBI:8cmDZREZJy8KL1LjAS5ZzoC
                                                                                                                                                                                                                        MD5:D58A43068BF847C7CD6284742C2F7823
                                                                                                                                                                                                                        SHA1:497389765143FAC48AF2BD7F9A309BFE65F59ED9
                                                                                                                                                                                                                        SHA-256:265D8B1BC479AD64FA7A41424C446139205AF8029A2469D558813EDD10727F9C
                                                                                                                                                                                                                        SHA-512:547A1581DDA28C5C1A0231C736070D8A7B53A085A0CE643A4A1510C63A2D4670FF2632E9823CD25AE2C7CDC87FA65883E0A193853890D4415B38056CB730AB54
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):505292
                                                                                                                                                                                                                        Entropy (8bit):5.701779406023226
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:rO2YZ2QUgbjicTver049pUVOT6z4Z72hA/Na4oQPkwaIAOenOIUNH7bbeCcX5RWX:rOpZ2eH/IzSVKo4Z728owPS58HRxVX
                                                                                                                                                                                                                        MD5:D10D536BCD183030BA07FF5C61BF5E3A
                                                                                                                                                                                                                        SHA1:44DD78DBA9F098AC61222EB9647D111AD1608960
                                                                                                                                                                                                                        SHA-256:2A3D3ABC9F80BAD52BD6DA5769901E7B9E9F052B6A58A7CC95CE16C86A3AA85A
                                                                                                                                                                                                                        SHA-512:C67AEDE9DED1100093253E350D6137AB8B2A852BD84B6C82BA1853F792E053CECD0EA0519319498AED5759BEDC66D75516A4F2F7A07696A0CEF24D5F34EF9DD2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1012272
                                                                                                                                                                                                                        Entropy (8bit):4.2289205973296395
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:VxaK34cS7yFcH4dr/4g7M5iVUZ+xw+UFV:jf7/K5uUb
                                                                                                                                                                                                                        MD5:C548A5F1FB5753408E44F3F011588594
                                                                                                                                                                                                                        SHA1:E064AB403972036DAD1B35ABE9794E95DBE4CC00
                                                                                                                                                                                                                        SHA-256:890F50A57B862F482D367713201E1E559AC778FC3A36322D1DFBBEF2535DD9CB
                                                                                                                                                                                                                        SHA-512:6975E4BB1A90E0906CF6266F79DA6CC4AE32F72A6141943BCFCF9B33F791E9751A9AAFDE9CA537F33F6BA8E4D697125FBC2EC4FFD3BC35851F406567DAE7E631
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):425545
                                                                                                                                                                                                                        Entropy (8bit):6.081959799252044
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:4Y3l9B6CI1zt8OhrJRFJCqM5T718I8Mtmq7hUoBAA:aZJo5D8GAA
                                                                                                                                                                                                                        MD5:B4FBFF56E4974A7283D564C6FC0365BE
                                                                                                                                                                                                                        SHA1:DE68BD097DEF66D63D5FF04046F3357B7B0E23AC
                                                                                                                                                                                                                        SHA-256:8C9ACDE13EDCD40D5B6EB38AD179CC27AA3677252A9CD47990EBA38AD42833E5
                                                                                                                                                                                                                        SHA-512:0698AA058561BB5A8FE565BB0BEC21548E246DBB9D38F6010E9B0AD9DE0F59BCE9E98841033AD3122A163DD321EE4B11ED191277CDCB8E0B455D725593A88AA5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):457220
                                                                                                                                                                                                                        Entropy (8bit):5.634955727013476
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Ca5OlSk7unX4nkokvgneIVUoCb1DD7U5R3zv9dFaL8tx9e2lJ2I96S2:Ca5Olrpgme2UoC9c59zv9fx9eoP6S2
                                                                                                                                                                                                                        MD5:980C27FD74CC3560B296FE8E7C77D51F
                                                                                                                                                                                                                        SHA1:F581EFA1B15261F654588E53E709A2692D8BB8A3
                                                                                                                                                                                                                        SHA-256:41E0F3619CDA3B00ABBBF07B9CD64EC7E4785ED4C8A784C928E582C3B6B8B7DB
                                                                                                                                                                                                                        SHA-512:51196F6F633667E849EF20532D57EC81C5F63BAB46555CEA8FAB2963A078ACDFA84843EDED85C3B30F49EF3CEB8BE9E4EF8237E214EF9ECFF6373A84D395B407
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):455871
                                                                                                                                                                                                                        Entropy (8bit):5.635474464056208
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:GOQDGtu4e+D8NHtVFHTPq7K4vHo4q3sb3755ZanXDEG9Aarl4zxmEA5QXls14:GOQUZ2Gu4vTqw75KEGGmEs14
                                                                                                                                                                                                                        MD5:E4F7D9E385CB525E762ECE1AA243E818
                                                                                                                                                                                                                        SHA1:689D784379BAC189742B74CD8700C687FEEEDED1
                                                                                                                                                                                                                        SHA-256:523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
                                                                                                                                                                                                                        SHA-512:E4796134048CD12056D746F6B8F76D9EA743C61FEE5993167F607959F11FD3B496429C3E61ED5464551FD1931DE4878AB06F23A3788EE34BB56F53DB25BCB6DF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1056673
                                                                                                                                                                                                                        Entropy (8bit):4.264965642462621
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:AYtrLnsoR47/R7nUwmoMmWDcZubSA/d+8di3ethK5d/7dxOt3ab:lt0oNwMi3eG5d/7Ot3c
                                                                                                                                                                                                                        MD5:8B38C65FC30210C7AF9B6FA0424266F4
                                                                                                                                                                                                                        SHA1:116413710FFCF94FBFA38CB97A47731E43A306F5
                                                                                                                                                                                                                        SHA-256:E8DF9A74417C5839C531D7CCAB63884A80AFB731CC62CBBB3FD141779086AC7D
                                                                                                                                                                                                                        SHA-512:0FD349C644AC1A2E7ED0247E40900D3A9957F5BEF1351B872710D02687C934A8E63D3A7585E91F7DF78054AEFF8F7ABD8C93A94FCD20C799779A64278BAB2097
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):863911
                                                                                                                                                                                                                        Entropy (8bit):4.295071040310227
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:OVDue+/Ti/eFcDX6WRAWXXspvidz0F5MU9G3GRe3RQR3K5/knxi4nou4bmHwIZus:eueAi2FZW2bo26lp70Kte5zGpGiBs
                                                                                                                                                                                                                        MD5:C0EF1866167D926FB351E9F9BF13F067
                                                                                                                                                                                                                        SHA1:6092D04EF3CE62BE44C29DA5D0D3A04985E2BC04
                                                                                                                                                                                                                        SHA-256:88DF231CF2E506DB3453F90A797194662A5F85E23BBAC2ED3169D91A145D2091
                                                                                                                                                                                                                        SHA-512:9E2B90F3AC1AE5744C22C2442FBCD86A8496AFC2C58F6CA060D6DBB08AF6F7411EF910A7C8CA5AEDEE99B5443D4DFF709C7935E8322CB32F8B071EE59CAEE733
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):390303
                                                                                                                                                                                                                        Entropy (8bit):5.258177538585681
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:zCsFFfyrvxoQuXkulRopY/5BI8T5sHAVHMM/k3y:tQxoNlR6K5v5vVsMZ
                                                                                                                                                                                                                        MD5:9B3E2F3C49897228D51A324AB625EB45
                                                                                                                                                                                                                        SHA1:8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D
                                                                                                                                                                                                                        SHA-256:61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
                                                                                                                                                                                                                        SHA-512:409681829A861CD4E53069D54C80315E0C8B97E5DB4CD74985D06238BE434A0F0C387392E3F80916164898AF247D17E8747C6538F08C0EF1C5E92A7D1B14F539
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):383011
                                                                                                                                                                                                                        Entropy (8bit):5.424530593988954
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:rmRAsByIhGvbSqOp7f21zg2mKP7s4Uzwn5el4nYHOp1D:rmRGxvbSqOp7f21vs4kM5el4Jp1D
                                                                                                                                                                                                                        MD5:AF0FD9179417BA1D7FCCA3CC5BEE1532
                                                                                                                                                                                                                        SHA1:F746077BBF6A73C6DE272D5855D4F1CA5C3AF086
                                                                                                                                                                                                                        SHA-256:E900F6D0DD9D5A05B5297618F1FE1600C189313DA931A9CB390EE42383EB070F
                                                                                                                                                                                                                        SHA-512:C94791D6B84200B302073B09357ABD2A1D7576B068BAE01DCCDA7BC154A6487145C83C9133848CCF4CB9E6DC6C5A9D4BE9D818E5A0C8F440A4E04AE8EABD4A29
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):395064
                                                                                                                                                                                                                        Entropy (8bit):5.365550895872654
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:9V01rV7gSsX5SEHDpaQe3D+qnRVd5qYx1Gp7KhaPW:96NFgSsX5S1V7d5qYx1Gp7KcPW
                                                                                                                                                                                                                        MD5:181D2A0ECE4B67281D9D2323E9B9824D
                                                                                                                                                                                                                        SHA1:E8BDC53757E96C12F3CD256C7812532DD524A0EA
                                                                                                                                                                                                                        SHA-256:6629E68C457806621ED23AA53B3675336C3E643F911F8485118A412EF9ED14CE
                                                                                                                                                                                                                        SHA-512:10D8CC9411CA475C9B659A2CC88D365E811217D957C82D9C144D94843BC7C7A254EE2451A6F485E92385A660FA01577CFFA0D64B6E9E658A87BEF8FCCBBEAF7E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):439920
                                                                                                                                                                                                                        Entropy (8bit):5.766175831058526
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:f2jujSo9/D+Xgv3iWGb1vPiCUdhUo3Ymhz1QhjAB5cUE447e:Sc3N1Qhw5me
                                                                                                                                                                                                                        MD5:18D49D5376237BB8A25413B55751A833
                                                                                                                                                                                                                        SHA1:0B47A7381DE61742AC2184850822C5FA2AFA559E
                                                                                                                                                                                                                        SHA-256:1729AA5C8A7E24A0DB98FEBCC91DF8B7B5C16F9B6BB13A2B0795038F2A14B981
                                                                                                                                                                                                                        SHA-512:45344A533CC35C8CE05CF29B11DA6C0F97D8854DAE46CF45EF7D090558EF95C3BD5FDC284D9A7809F0B2BF30985002BE2AA6A4749C0D9AE9BDFF4AD13DE4E570
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):415447
                                                                                                                                                                                                                        Entropy (8bit):5.426006792591415
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:Bm1HqF4Znh9GzBtNBXBLd1OUDcpryHF55NJND0bsRzlb2:UHrnhMzX5PJB4sRxC
                                                                                                                                                                                                                        MD5:0D9DEA9E24645C2A3F58E4511C564A36
                                                                                                                                                                                                                        SHA1:DCD2620A1935C667737EEA46CA7BB2BDCB31F3A6
                                                                                                                                                                                                                        SHA-256:CA7B880391FCD319E976FCC9B5780EA71DE655492C4A52448C51AB2170EEEF3B
                                                                                                                                                                                                                        SHA-512:8FCF871F8BE7727E2368DF74C05CA927C5F0BC3484C4934F83C0ABC98ECAF774AD7ABA56E1BF17C92B1076C0B8EB9C076CC949CD5427EFCADE9DDF14F6B56BC5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):416977
                                                                                                                                                                                                                        Entropy (8bit):5.401132911995885
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:isWkrPyGJeOMqieJVJJxhlOlxLu3ov5xKqSR0B:X3PBxj8zv5xKqSRW
                                                                                                                                                                                                                        MD5:6A7232F316358D8376A1667426782796
                                                                                                                                                                                                                        SHA1:8B70FE0F3AB2D73428F19ECD376C5DEBA4A0BB6C
                                                                                                                                                                                                                        SHA-256:6A526CD5268B80DF24104A7F40F55E4F1068185FEBBBB5876BA2CB7F78410F84
                                                                                                                                                                                                                        SHA-512:40D24B3D01E20AE150083B00BB6E10BCA81737C48219BCE22FA88FAAAD85BDC8C56AC9B1EB01854173B0ED792E34BDFBAC26D3605B6A35C14CF2824C000D0DA1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):430191
                                                                                                                                                                                                                        Entropy (8bit):5.460617985170646
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:pqgw32K4aoFt3GgnSYn0vLi5OU6ois2a/7ulqr:pqgVzFt3GgnSY0vLi5OXo3/5r
                                                                                                                                                                                                                        MD5:99EAA3D101354088379771FD85159DE1
                                                                                                                                                                                                                        SHA1:A32DB810115D6DCF83A887E71D5B061B5EEFE41F
                                                                                                                                                                                                                        SHA-256:33F4C20F7910BC3E636BC3BEC78F4807685153242DD4BC77648049772CF47423
                                                                                                                                                                                                                        SHA-512:C6F87DA1B5C156AA206DC21A9DA3132CBFB0E12E10DA7DC3B60363089DE9E0124BBAD00A233E61325348223FC5953D4F23E46FE47EC8E7CA07702AC73F3FD2E9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):703696
                                                                                                                                                                                                                        Entropy (8bit):4.836890612319527
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:ckXRY5eXN2hHO3j/jHXzvMBsiA2kkce8P/XyFGGJGswfaZ/LeUFCcYWIkHWajf+F:ck5LZ5w6pF
                                                                                                                                                                                                                        MD5:AB9902025DCF7D5408BF6377B046272B
                                                                                                                                                                                                                        SHA1:C9496E5AF3E2A43377290A4883C0555E27B1F10F
                                                                                                                                                                                                                        SHA-256:983B15DCC31D0E9A3DA78CD6021E5ADD2A3C2247322ADED9454A5D148D127AAE
                                                                                                                                                                                                                        SHA-512:D255D5F5B6B09AF2CDEC7B9C171EEBB1DE1094CC5B4DDF43A3D4310F8F5F223AC48B8DA97A07764D1B44F1D4A14FE3A0C92A0CE6FE9A4AE9A6B4A342E038F842
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):443094
                                                                                                                                                                                                                        Entropy (8bit):5.818852266406701
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:vQt/WMWyqiLJcPXPk5ELALWaQlKDEmLFGR:vQYfyqiWPXM5ELALWaQlwdLE
                                                                                                                                                                                                                        MD5:C6C7396DBFB989F034D50BD053503366
                                                                                                                                                                                                                        SHA1:089F176B88235CCE5BCA7ABFCC78254E93296D61
                                                                                                                                                                                                                        SHA-256:439F7D6C23217C965179898754EDCEF8FD1248BDD9B436703BF1FF710701117A
                                                                                                                                                                                                                        SHA-512:1476963F47B45D2D26536706B7EEBA34CFAE124A3087F7727C4EFE0F19610F94393012CDA462060B1A654827E41F463D7226AFA977654DCD85B27B7F8D1528EB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):427791
                                                                                                                                                                                                                        Entropy (8bit):5.48540289392965
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:iyCeC3SMQRB21BPDwY5oEcAVOlJgi/fzxzqg:iTJ6kDwY5oEc0i/fzxt
                                                                                                                                                                                                                        MD5:D4BD9F20FD29519D6B017067E659442C
                                                                                                                                                                                                                        SHA1:782283B65102DE4A0A61B901DEA4E52AB6998F22
                                                                                                                                                                                                                        SHA-256:F33AFA6B8DF235B09B84377FC3C90403C159C87EDD8CD8004B7F6EDD65C85CE6
                                                                                                                                                                                                                        SHA-512:ADF8D8EC17E8B05771F47B19E8027F88237AD61BCA42995F424C1F5BD6EFA92B23C69D363264714C1550B9CD0D03F66A7CFB792C3FBF9D5C173175B0A8C039DC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):660194
                                                                                                                                                                                                                        Entropy (8bit):4.761695251077794
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:oLNvoUKEuNI0I4Ki1eg82ATs+Hc549x4moW037LJzk/k/N:xrnqJc5Axjw
                                                                                                                                                                                                                        MD5:CBB817A58999D754F99582B72E1AE491
                                                                                                                                                                                                                        SHA1:6EC3FD06DEE0B1FE5002CB0A4FE8EC533A51F9FD
                                                                                                                                                                                                                        SHA-256:4BD7E466CB5F5B0A451E1192AA1ABAAF9526855A86D655F94C9CE2183EC80C25
                                                                                                                                                                                                                        SHA-512:EFEF29CEDB7B08D37F9DF1705D36613F423E994A041B137D5C94D2555319FFB068BB311884C9D4269B0066746DACD508A7D01DF40A8561590461D5F02CB52F8B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):385361
                                                                                                                                                                                                                        Entropy (8bit):5.543491670458518
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:M4pITVzssdlJ9EAjiws8cB7xjpZ/4LLXru9M9SOxDE/xUDvZv5pB5mEgb7:BpIXzJ9V2B1q5/5mz
                                                                                                                                                                                                                        MD5:502E4A8B3301253ABE27C4FD790FBE90
                                                                                                                                                                                                                        SHA1:17ABCD7A84DA5F01D12697E0DFFC753FFB49991A
                                                                                                                                                                                                                        SHA-256:7D72E3ADB35E13EC90F2F4271AD2A9B817A2734DA423D972517F3CFF299165FD
                                                                                                                                                                                                                        SHA-512:BD270ABAF9344C96B0F63FC8CEC04F0D0AC9FC343AB5A80F5B47E4B13B8B1C0C4B68F19550573A1D965BB18A27EDF29F5DD592944D754B80EA9684DBCEDEA822
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):404460
                                                                                                                                                                                                                        Entropy (8bit):5.342349721117576
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:icM47G565vqimUwbQuBndO8gJGgnATm5A1vZcsToe4t2ht:iy7GsP5Ar
                                                                                                                                                                                                                        MD5:39277AE2D91FDC1BD38BEA892B388485
                                                                                                                                                                                                                        SHA1:FF787FB0156C40478D778B2A6856AD7B469BD7CB
                                                                                                                                                                                                                        SHA-256:6D6D095A1B39C38C273BE35CD09EB1914BD3A53F05180A3B3EB41A81AE31D5D3
                                                                                                                                                                                                                        SHA-512:BE2D8FBEDAA957F0C0823E7BEB80DE570EDD0B8E7599CF8F2991DC671BDCBBBE618C15B36705D83BE7B6E9A0D32EC00F519FC8543B548422CA8DCF07C0548AB4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1043803
                                                                                                                                                                                                                        Entropy (8bit):4.044068430611977
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:LXNxfy+orMVjLn1ExBlhfg5yzntRMcA2i:rffyrrMFL1cB3g5yzMcA2i
                                                                                                                                                                                                                        MD5:7006691481966109CCE413F48A349FF2
                                                                                                                                                                                                                        SHA1:6BD243D753CF66074359ABE28CFAE75BCEDD2D23
                                                                                                                                                                                                                        SHA-256:24EA4028DA66A293A43D27102012235198F42A1E271FE568C7FD78490A3EE647
                                                                                                                                                                                                                        SHA-512:E12C0D1792A28BF4885E77185C2A0C5386438F142275B8F77317EB8A5CEE994B3241BB264D9502D60BFBCE9CF8B3B9F605C798D67819259F501719D054083BEA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):965006
                                                                                                                                                                                                                        Entropy (8bit):4.295544641165274
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:wM9fKUyABW3p1F9SviTlw2cfgvNFOJgr/p54JVQJMwKpaJC28+58XoX0Doq9OyUk:wM9fKU6225jM9h
                                                                                                                                                                                                                        MD5:F809BF5184935C74C8E7086D34EA306C
                                                                                                                                                                                                                        SHA1:709AB3DECFF033CF2FA433ECC5892A7AC2E3752E
                                                                                                                                                                                                                        SHA-256:9BBFA7A9F2116281BF0AF1E8FFB279D1AA97AC3ED9EBC80C3ADE19E922D7E2D4
                                                                                                                                                                                                                        SHA-512:DE4B14DD6018FDBDF5033ABDA4DA2CB9F5FCF26493788E35D88C07A538B84FDD663EE20255DFD9C1AAC201F0CCE846050D2925C55BF42D4029CB78B057930ACD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):811437
                                                                                                                                                                                                                        Entropy (8bit):4.342029978594925
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:1Jf31Mkgs3s5UWgHLRflsjj8cKGXdlogG0EeuLADh7Kle9dKj753ohP09XAyFHyJ:1Qzt5/5l
                                                                                                                                                                                                                        MD5:2C41616DFE7FCDB4913CFAFE5D097F95
                                                                                                                                                                                                                        SHA1:CF7D9E8AD3AA47D683E47F116528C0E4A9A159B0
                                                                                                                                                                                                                        SHA-256:F11041C48831C93AA11BBF885D330739A33A42DB211DACCF80192668E2186ED3
                                                                                                                                                                                                                        SHA-512:97329717E11BC63456C56022A7B7F5DA730DA133E3FC7B2CC660D63A955B1A639C556B857C039A004F92E5F35BE61BF33C035155BE0A361E3CD6D87B549DF811
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):411446
                                                                                                                                                                                                                        Entropy (8bit):5.6133974766805546
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:y1MAG26Pl1kY1bkQq/7I5NsA7WGgeh5X/0+gi1ZavXEAQwiBvVGI:9j2Yle66s5775X/R
                                                                                                                                                                                                                        MD5:3A858619502C68D5F7DE599060F96DB9
                                                                                                                                                                                                                        SHA1:80A66D9B5F1E04CDA19493FFC4A2F070200E0B62
                                                                                                                                                                                                                        SHA-256:D81F28F69DA0036F9D77242B2A58B4A76F0D5C54B3E26EE96872AC54D7ABB841
                                                                                                                                                                                                                        SHA-512:39A7EC0DFE62BCB3F69CE40100E952517B5123F70C70B77B4C9BE3D98296772F10D3083276BC43E1DB66ED4D9BFA385A458E829CA2A7D570825D7A69E8FBB5F4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):705061
                                                                                                                                                                                                                        Entropy (8bit):4.868598768447113
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK
                                                                                                                                                                                                                        MD5:EE70E9F3557B9C8C67BFB8DFCB51384D
                                                                                                                                                                                                                        SHA1:FC4DFC35CDE1A00F97EEFE5E0A2B9B9C0149751E
                                                                                                                                                                                                                        SHA-256:54324671A161F6D67C790BFD29349DB2E2D21F5012DC97E891F8F5268BDF7E22
                                                                                                                                                                                                                        SHA-512:F4E1DA71CB0485851E8EBCD5D5CF971961737AD238353453DB938B4A82A68A6BBAF3DE7553F0FF1F915A0E6640A3E54F5368D9154B0A4AD38E439F5808C05B9F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):617109
                                                                                                                                                                                                                        Entropy (8bit):5.143761316646653
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:LbeI8PzGSEiyqkAXsA5rzTExbWW7mQYrjuUco/9NjjFpvIx:LbDwz5qWK
                                                                                                                                                                                                                        MD5:FF0A23974AEF88AFC86ECC806DBF1D60
                                                                                                                                                                                                                        SHA1:E7BAE97CBB8692A0D106644DFAA9B7D7EA6FCEF0
                                                                                                                                                                                                                        SHA-256:F245AB242AAFEEF37DB736C780476534FAD0706AA66DCB8B6B8CD181B4778385
                                                                                                                                                                                                                        SHA-512:AABE8160FAC7E0EB8E8EB80963FE995FA4A802147D1B8F605BC0FE3F8E2474463C1D313471C11C85EB5578112232FDC8E89B8A6D43DBE38A328538FF30A78D08
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):488196
                                                                                                                                                                                                                        Entropy (8bit):5.7988900625034185
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:gzLBn6cDgszBm0JXbwS1LcxzIJj758+UIi0+UELbzi830l:gpdDgsz00JrwSNizS5Hti0+UUvi830l
                                                                                                                                                                                                                        MD5:3FE6F90F1F990AED508DEDA3810CE8C2
                                                                                                                                                                                                                        SHA1:3B86F00666D55E984B4ACA1A5E8319FFA8F411FF
                                                                                                                                                                                                                        SHA-256:5EEBB23221AEBCF0BE01BFC2695F7DD35B17F6769BE1E28E5610D35C9717854B
                                                                                                                                                                                                                        SHA-512:9AA9D55F112C8B32AA636086CFD2161D97EA313CAC1A44101014128124A03504C992AC8EFD265ABA4E91787AEF7134A14507A600F5EC96FF82DF950A8883828C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):354097
                                                                                                                                                                                                                        Entropy (8bit):6.680890808929274
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:gchsAAfyrtJw99jEaZx79+vKK4/+kTme5zBNCJ7GAmlv:gAAfyrtJAoaZ+vKK4/ye5zBNCJ7C
                                                                                                                                                                                                                        MD5:20F315D38E3B2EDC5832931E7770B62A
                                                                                                                                                                                                                        SHA1:2390BD585DEC1E884873454BB98B6F1467DCF7BB
                                                                                                                                                                                                                        SHA-256:53A803724BBF2E7F40AAB860325C348F786EECA1EA5CA39A76B4C4A616E3233F
                                                                                                                                                                                                                        SHA-512:C338E241DE3561707C7C275B7D6E0FB16185A8CD7112057C08B74FFCE122148EF693FE310C839FF93F102726A78E61DE3E68C8E324F445A07A98EE9C4FDD4E13
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):350032
                                                                                                                                                                                                                        Entropy (8bit):6.69437398216595
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:BiwxICJkrCU2JLuRyMD+4qz5MHzCtMkZ/9ybT1:BiyS0pMD+4qz5MHzd6/o
                                                                                                                                                                                                                        MD5:524711882CBFB5B95A63EF48F884CFF0
                                                                                                                                                                                                                        SHA1:1078037687CFC5D038EEB8B63D295239E0EDC47A
                                                                                                                                                                                                                        SHA-256:9E16499CD96A155D410C8DF4C812C52FF2A750F8C4DB87FD891C1E58C1428C78
                                                                                                                                                                                                                        SHA-512:16D45A81F7F4606EDA9D12A8B1DA06E3C866B11BDC0C92A4022BFB8D02B885D8F028457CF23E3F7589DFD191ED7F7FBC68C81B6E1411834EDFCBC9CC85E0DC4D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5245458
                                                                                                                                                                                                                        Entropy (8bit):7.995476669559971
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                                                                        MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                                                                        SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                                                                        SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                                                                        SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):46967871
                                                                                                                                                                                                                        Entropy (8bit):6.222181991243183
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:786432:g/WycIAfu7iBAZKRP4QDM0WyFzANtP6ChuVc:4aIsaMzANtP6ChuVc
                                                                                                                                                                                                                        MD5:47CF1F17D6E55A7CCC07DCB137978CA2
                                                                                                                                                                                                                        SHA1:5584A6549BB0530631C94410F4F1D2FDAA654450
                                                                                                                                                                                                                        SHA-256:B1DEA4DF87B3F28976560A250AEF99C27D182C08F61A4CF0F41BF08B5ED2B06A
                                                                                                                                                                                                                        SHA-512:204B95EAEB0673CF6227DE3D82235B7AF945E12893E5F19B2A371A8AF9C0BC51E12523D593EDC6366EBEE86A07A58239B7911E9B752A014E72E344F01DE91A89
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:....0...,...%...{"files":{"app.js":{"size":303138,"integrity":{"algorithm":"SHA256","hash":"1b7533bdae3a71efe05ebdd714872d68011cf00b3394b276a4066b37ead0f2af","blockSize":4194304,"blocks":["1b7533bdae3a71efe05ebdd714872d68011cf00b3394b276a4066b37ead0f2af"]},"offset":"0"},"package.json":{"size":340,"integrity":{"algorithm":"SHA256","hash":"4260a367feb4142360931163973e55f7bd6e2c7a56610d7406c56b0a88454de2","blockSize":4194304,"blocks":["4260a367feb4142360931163973e55f7bd6e2c7a56610d7406c56b0a88454de2"]},"offset":"303138"},"node_modules":{"files":{"agent-base":{"files":{"package.json":{"size":1198,"integrity":{"algorithm":"SHA256","hash":"1c22afa50ae7fedb6d51d34394cccb31fc4ed27163271d3060355b044a5b5777","blockSize":4194304,"blocks":["1c22afa50ae7fedb6d51d34394cccb31fc4ed27163271d3060355b044a5b5777"]},"offset":"1917493"},"src":{"files":{"index.ts":{"size":9018,"integrity":{"algorithm":"SHA256","hash":"63b9c52366354393361bbbd40158a3051d39a6e2db4ce564418e01e4ecd1bc64","blockSize":4194304,"bloc
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):107520
                                                                                                                                                                                                                        Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                                                                        MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                        SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                        SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                        SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):220112
                                                                                                                                                                                                                        Entropy (8bit):3.855980291560132
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:PCwB4XM5LZsfo0p7SnaCCz3wqTYLmN6hdSajAvDGc/dH4WBlkwHvwi0UQn1nWIa3:KwNsf5PBt
                                                                                                                                                                                                                        MD5:916127734BC7C5B0DB478191A37FC19A
                                                                                                                                                                                                                        SHA1:F9D868C2578F14513FCB95E109AEC795C98DBBA3
                                                                                                                                                                                                                        SHA-256:E19ED7FB96E19BB5BFE791DF03561D654EA5D52021C3403A2652F439A8D77801
                                                                                                                                                                                                                        SHA-512:D291B26568572D5777B036577DDF30C1B6C6C41E9D53EF2D8AF735DB001EA5C568371F3907FBFFC02FEEE628F0F29AFB718AE5DEB32FF245A37947A7B1B9C297
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):523336
                                                                                                                                                                                                                        Entropy (8bit):5.1733870178138
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:51ZU4IFZ/X+KBIViMMg8zYOK8B4UnK83ItBaUHK:nZaZ/OiY2BnrUAF
                                                                                                                                                                                                                        MD5:4F4D00247758C684C295243DDEDD2948
                                                                                                                                                                                                                        SHA1:F8E8FC6C22FDE9DF1D60C329E38B38A85F96BB69
                                                                                                                                                                                                                        SHA-256:4EA84C4465EEA20B46E6DED30F711F1E0D61E15574D861B0210819ABD5E895E5
                                                                                                                                                                                                                        SHA-512:2C335672979114BD68FF6F1B1B94235FBF072FE8642CAD1F7D61855B92741F0633FA0CCB77CD520BE560DB2D3AC75F9BE08E22806487BF5D3045781E3903AD45
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4691456
                                                                                                                                                                                                                        Entropy (8bit):6.674054781171017
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
                                                                                                                                                                                                                        MD5:65A5705D95A0820740B3396851FF1751
                                                                                                                                                                                                                        SHA1:A692A80BAFC41BA1B29EF19890F8465B3FB20DCB
                                                                                                                                                                                                                        SHA-256:4C4B935CBB320033F504A89B1EB0A4BCB176BBD46A5981153CB1F54DEB146A1C
                                                                                                                                                                                                                        SHA-512:0C5DF23B96EAF952C4A498FF6D854DF2B62E7631B16C2855ED37DDBADFFBA3DD52E7450F2E06CF094BEC2E0D70D14C87A652150766D90EC8662E03123DF5942D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):804864
                                                                                                                                                                                                                        Entropy (8bit):6.7728821881501
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
                                                                                                                                                                                                                        MD5:A947C5D8FEC95A0F24B4143CED301209
                                                                                                                                                                                                                        SHA1:EBF3089985377A58B8431A14E22A814857287AAF
                                                                                                                                                                                                                        SHA-256:29CB256921A1B0F222C82650469D534CCDF038D1F395B3AAA9F1086918F5D3FA
                                                                                                                                                                                                                        SHA-512:75F5E055F4422B5558FC1CB3EA84FB7CBEAAE6F71C786CC06C295D4AB51C0B1C84E28A7C89FE544F007DBE8E612BED4059139F1575934FE4BAC8E538C674EBD3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9216
                                                                                                                                                                                                                        Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
                                                                                                                                                                                                                        MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                                        SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                                        SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                                        SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):102400
                                                                                                                                                                                                                        Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                                                        MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                        SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                        SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                        SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                        Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                                                        MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                        SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                        SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                        SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):77543897
                                                                                                                                                                                                                        Entropy (8bit):7.999994854323907
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:1572864:e6LBYCN9I9oap0lwmwBYQi2Jrydy/UgJnsI0SNcucgzxTMWIymNxe:VuS27WqBR3rEy/TJnsqN0QMWgW
                                                                                                                                                                                                                        MD5:A654004DFF31A3BEAEEDBDF4960B412F
                                                                                                                                                                                                                        SHA1:2F731E9EF3FED7E900A2257C1D83D7D77F4111D9
                                                                                                                                                                                                                        SHA-256:0136D087E4FDF1EF2C0EF9587283222DF4A89C874AD42675A6260935CAB9FA42
                                                                                                                                                                                                                        SHA-512:7330FA59B1B66E46586C784769D3AFE091E4625719B29603CF2D1B2FBEA4509FC3152E14BE5F2702FD4DC96AEFF79E06375D4DA79D278DE81B2A0E976D72C77B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):6656
                                                                                                                                                                                                                        Entropy (8bit):5.155286976455086
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
                                                                                                                                                                                                                        MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                                        SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                                        SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                                        SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):434176
                                                                                                                                                                                                                        Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                                                                        MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                        SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                        SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                        SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                        Size (bytes):389
                                                                                                                                                                                                                        Entropy (8bit):5.579364790638071
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:YKWCRgXt9RdrtybH0Wvk3dCiHhtXJBxanGk7SQzR0KNQVzaUlaVBN/xCBwlqBX:YKWSg99rrt+JliH7ZvUzWAPNOovNpCTX
                                                                                                                                                                                                                        MD5:20CB668867F9AE7D3ECA073977AA2721
                                                                                                                                                                                                                        SHA1:9E87A73CB243558104B5C0B879A0C2C508706059
                                                                                                                                                                                                                        SHA-256:74DF97BFE34E70E423E9A04FD929B93F8F6387795603AF3EA99DACDCEDE8043D
                                                                                                                                                                                                                        SHA-512:06D8E752A2F7FB592A06DF0B179817067EDEDE62B33D372FF4C5FE1EE2053D10D48718CA944E2212D97F835DC677A163FEFDE7D1659A0F75F815E872670BAE52
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAYE4aBPLntSq/+P+YYr/p3AAAAAAIAAAAAABBmAAAAAQAAIAAAAN2B3fPESng1XFAaUMgJmG8S28ZZ0b9d2al2BScH2b1DAAAAAA6AAAAAAgAAIAAAAD16/74X1f7/JdVwgseO8s+0pS2Drf/qbrsv9ETr1NDlMAAAANXXJSIRsf3+FJ04Ppczu8kqGmyly423F4fuDH3M3TBA5x1QUFea/EDp+hK8i3KxE0AAAADo9+xM3l3yU8v+7sxBYfnrWcNOUpWEkrKu3Yyi6Soojlgf9vfmfhomUoT11om6iAsdVpuB8q4b0Elhxn97wEAq"}}
                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):389
                                                                                                                                                                                                                        Entropy (8bit):5.579364790638071
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:YKWCRgXt9RdrtybH0Wvk3dCiHhtXJBxanGk7SQzR0KNQVzaUlaVBN/xCBwlqBX:YKWSg99rrt+JliH7ZvUzWAPNOovNpCTX
                                                                                                                                                                                                                        MD5:20CB668867F9AE7D3ECA073977AA2721
                                                                                                                                                                                                                        SHA1:9E87A73CB243558104B5C0B879A0C2C508706059
                                                                                                                                                                                                                        SHA-256:74DF97BFE34E70E423E9A04FD929B93F8F6387795603AF3EA99DACDCEDE8043D
                                                                                                                                                                                                                        SHA-512:06D8E752A2F7FB592A06DF0B179817067EDEDE62B33D372FF4C5FE1EE2053D10D48718CA944E2212D97F835DC677A163FEFDE7D1659A0F75F815E872670BAE52
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAYE4aBPLntSq/+P+YYr/p3AAAAAAIAAAAAABBmAAAAAQAAIAAAAN2B3fPESng1XFAaUMgJmG8S28ZZ0b9d2al2BScH2b1DAAAAAA6AAAAAAgAAIAAAAD16/74X1f7/JdVwgseO8s+0pS2Drf/qbrsv9ETr1NDlMAAAANXXJSIRsf3+FJ04Ppczu8kqGmyly423F4fuDH3M3TBA5x1QUFea/EDp+hK8i3KxE0AAAADo9+xM3l3yU8v+7sxBYfnrWcNOUpWEkrKu3Yyi6Soojlgf9vfmfhomUoT11om6iAsdVpuB8q4b0Elhxn97wEAq"}}
                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                        Entropy (8bit):7.99997902642352
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:nsis-installer.exe
                                                                                                                                                                                                                        File size:78'057'262 bytes
                                                                                                                                                                                                                        MD5:85aea19a596f59d0dbf368f99be6a139
                                                                                                                                                                                                                        SHA1:9fd84c0780b6555cdeed499b30e5d67071998fbc
                                                                                                                                                                                                                        SHA256:7a95214e7077d7324c0e8dc7d20f2a4e625bc0ac7e14b1446e37c47dff7eeb5b
                                                                                                                                                                                                                        SHA512:7de04cce49edfe48555b68d0a9935292b8e8a494af62dd6da9c92c022697d579b6d81685a91594e8402266b2ad73939e78a761110f9c39b20544308591db0f06
                                                                                                                                                                                                                        SSDEEP:1572864:fb6LBYCN9I9oap0lwmwBYQi2Jrydy/UgJnsI0SNcucgzxTMWIymNx:fiuS27WqBR3rEy/TJnsqN0QMWg
                                                                                                                                                                                                                        TLSH:830833DC5FD0BD82E4EC7BB85E1F7AABFB22A04C5CC06D56216856C26C12C531E1F52A
                                                                                                                                                                                                                        Icon Hash:0771ccf8d84d2907
                                                                                                                                                                                                                        Entrypoint:0x40338f
                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                        Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                        Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                                                        Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                        Error Number:-2146869232
Not Before | Not After
• 12/05/2022 22:45:59 | 11/05/2023 22:45:59
                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                        • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                        Thumbprint MD5:EAF99B1CDFF361CB066EC1CDB5FD68ED
                                                                                                                                                                                                                        Thumbprint SHA-1:F372C27F6E052A6BE8BAB3112B465C692196CD6F
                                                                                                                                                                                                                        Thumbprint SHA-256:6DFB94C073BA075667FCC19AB327AE679D84F2A2BCF76CC21ABFC9B93FEE61A5
                                                                                                                                                                                                                        Serial:33000002CBB77539FB027142360000000002CB
                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                        pop edi
                                                                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                        mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                        mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                        mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                        call dword ptr [004080A8h]
                                                                                                                                                                                                                        call dword ptr [004080A4h]
                                                                                                                                                                                                                        and eax, BFFFFFFFh
                                                                                                                                                                                                                        cmp ax, 00000006h
                                                                                                                                                                                                                        mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                        je 00007F49B0F49EC3h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call 00007F49B0F4D175h
                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                        je 00007F49B0F49EB9h
                                                                                                                                                                                                                        push 00000C00h
                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                        mov esi, 004082B0h
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        call 00007F49B0F4D0EFh
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        call dword ptr [00408150h]
                                                                                                                                                                                                                        lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                        cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                        jne 00007F49B0F49E9Ch
                                                                                                                                                                                                                        push 0000000Ah
                                                                                                                                                                                                                        call 00007F49B0F4D148h
                                                                                                                                                                                                                        push 00000008h
                                                                                                                                                                                                                        call 00007F49B0F4D141h
                                                                                                                                                                                                                        push 00000006h
                                                                                                                                                                                                                        mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                        call 00007F49B0F4D135h
                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                        je 00007F49B0F49EC1h
                                                                                                                                                                                                                        push 0000001Eh
                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                        je 00007F49B0F49EB9h
                                                                                                                                                                                                                        or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        call dword ptr [00408044h]
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call dword ptr [004082A0h]
                                                                                                                                                                                                                        mov dword ptr [0047AFB8h], eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                        push 000002B4h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push 00440208h
                                                                                                                                                                                                                        call dword ptr [00408188h]
                                                                                                                                                                                                                        push 0040A2C8h
                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19b000 | 0x59b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4a6e776 | 0x27b8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7b000 | 0x120000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x19b000 | 0x59b0 | 0x5a00 | f35e9af7cf9178f3d473364270608254 | False | 0.4953559027777778 | data | 5.460148092136221 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x19b5c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7213883677298312
RT_ICON | 0x19c670 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.6751066098081023
RT_ICON | 0x19d518 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.7851985559566786
RT_ICON | 0x19ddc0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.6560693641618497
RT_ICON | 0x19e328 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8031914893617021
RT_ICON | 0x19e790 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3118279569892473
RT_ICON | 0x19ea78 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.36824324324324326
RT_DIALOG | 0x19eba0 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x19eda8 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x19eea0 | 0xee | data | English | United States | 0.6260504201680672
RT_DIALOG | 0x19ef90 | 0x1fa | data | English | United States | 0.40118577075098816
RT_DIALOG | 0x19f190 | 0xf0 | data | English | United States | 0.6666666666666666
RT_DIALOG | 0x19f280 | 0xe6 | data | English | United States | 0.6565217391304348
RT_DIALOG | 0x19f368 | 0x1ee | data | English | United States | 0.38866396761133604
RT_DIALOG | 0x19f558 | 0xe4 | data | English | United States | 0.6447368421052632
RT_DIALOG | 0x19f640 | 0xda | data | English | United States | 0.6422018348623854
RT_DIALOG | 0x19f720 | 0x1ee | data | English | United States | 0.3866396761133603
RT_DIALOG | 0x19f910 | 0xe4 | data | English | United States | 0.6359649122807017
                                                                                                                                                                                                                        RT_DIALOG0x19f9f80xdadataEnglishUnited States0.6376146788990825
                                                                                                                                                                                                                        RT_DIALOG0x19fad80x1f2dataEnglishUnited States0.39759036144578314
                                                                                                                                                                                                                        RT_DIALOG0x19fcd00xe8dataEnglishUnited States0.6508620689655172
                                                                                                                                                                                                                        RT_DIALOG0x19fdb80xdedataEnglishUnited States0.6486486486486487
                                                                                                                                                                                                                        RT_DIALOG0x19fe980x202dataEnglishUnited States0.42217898832684825
                                                                                                                                                                                                                        RT_DIALOG0x1a00a00xf8dataEnglishUnited States0.6653225806451613
                                                                                                                                                                                                                        RT_DIALOG0x1a01980xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                        RT_GROUP_ICON0x1a02880x68dataEnglishUnited States0.6634615384615384
                                                                                                                                                                                                                        RT_VERSION0x1a02f00x294OpenPGP Secret KeyEnglishUnited States0.43787878787878787
                                                                                                                                                                                                                        RT_MANIFEST0x1a05880x423XML 1.0 document, ASCII text, with very long lines (1059), with no line terminatorsEnglishUnited States0.5127478753541076
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                        Apr 17, 2024 02:05:50.983210087 CEST5837053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:05:51.105148077 CEST53583701.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:05:55.521778107 CEST5915053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:05:55.626956940 CEST53591501.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:00.530747890 CEST5445653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:00.652298927 CEST53544561.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:05.522866011 CEST6239953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:05.647555113 CEST53623991.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:10.522336006 CEST5165853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:10.646549940 CEST53516581.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:15.521581888 CEST5169353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:15.646033049 CEST53516931.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:20.524662018 CEST6510653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:20.651443958 CEST53651061.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:26.441509008 CEST6478953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:26.546825886 CEST53647891.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:31.522006035 CEST5391253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:31.645474911 CEST53539121.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:36.523988008 CEST5847653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:36.629337072 CEST53584761.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:41.549834967 CEST5485053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:41.657001019 CEST53548501.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:46.522429943 CEST5398053192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:46.628027916 CEST53539801.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:51.521667957 CEST6179153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:51.626565933 CEST53617911.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:06:56.522639036 CEST5605953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:06:56.628246069 CEST53560591.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:01.621892929 CEST5903353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:01.743422031 CEST53590331.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:06.521840096 CEST5191553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:06.646541119 CEST53519151.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:11.524338961 CEST6301253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:11.629484892 CEST53630121.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:16.534588099 CEST6392353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:16.658766985 CEST53639231.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:21.524012089 CEST5741853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:21.646694899 CEST53574181.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:26.533253908 CEST4917753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:26.640737057 CEST53491771.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:31.523605108 CEST5307653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:31.628037930 CEST53530761.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:36.629748106 CEST5552353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:36.735770941 CEST53555231.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:41.521924973 CEST5154353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:41.628235102 CEST53515431.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:46.522247076 CEST6086853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:46.628236055 CEST53608681.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:51.521513939 CEST5914253192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:51.626844883 CEST53591421.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:07:56.522044897 CEST6114953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:07:56.628761053 CEST53611491.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:01.535811901 CEST6478853192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:01.654041052 CEST53647881.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:06.522021055 CEST5333753192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:06.626961946 CEST53533371.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:11.522027969 CEST6378353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:11.627118111 CEST53637831.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:16.522149086 CEST5125953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:16.627935886 CEST53512591.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:21.521823883 CEST5630153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:21.626410961 CEST53563011.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:26.530109882 CEST6467553192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:26.636748075 CEST53646751.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:32.525089979 CEST5995953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:32.629921913 CEST53599591.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:37.521843910 CEST5623953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:37.626738071 CEST53562391.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:42.543356895 CEST6037653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:42.648334980 CEST53603761.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:47.522403955 CEST5157353192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:47.628005981 CEST53515731.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:52.521410942 CEST6434953192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:52.627543926 CEST53643491.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:08:57.522104979 CEST5839153192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:08:57.627100945 CEST53583911.1.1.1192.168.2.6
                                                                                                                                                                                                                        Apr 17, 2024 02:09:03.214350939 CEST5639653192.168.2.61.1.1.1
                                                                                                                                                                                                                        Apr 17, 2024 02:09:03.319964886 CEST53563961.1.1.1192.168.2.6
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 17, 2024 02:05:30.613735914 CEST | 192.168.2.6 | 1.1.1.1 | 0xa00e | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:30.963403940 CEST | 192.168.2.6 | 1.1.1.1 | 0xdc27 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:35.517420053 CEST | 192.168.2.6 | 1.1.1.1 | 0xac1d | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:39.461767912 CEST | 192.168.2.6 | 1.1.1.1 | 0x1bd2 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:39.461915016 CEST | 192.168.2.6 | 1.1.1.1 | 0x4326 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Apr 17, 2024 02:05:40.519762039 CEST | 192.168.2.6 | 1.1.1.1 | 0xe155 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:45.515944004 CEST | 192.168.2.6 | 1.1.1.1 | 0x7e2a | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:46.648801088 CEST | 192.168.2.6 | 1.1.1.1 | 0x9ea2 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:46.648967028 CEST | 192.168.2.6 | 1.1.1.1 | 0x94a4 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Apr 17, 2024 02:05:50.983210087 CEST | 192.168.2.6 | 1.1.1.1 | 0xf834 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:05:55.521778107 CEST | 192.168.2.6 | 1.1.1.1 | 0x94ef | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:00.530747890 CEST | 192.168.2.6 | 1.1.1.1 | 0x5a23 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:05.522866011 CEST | 192.168.2.6 | 1.1.1.1 | 0xbe68 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:10.522336006 CEST | 192.168.2.6 | 1.1.1.1 | 0xad9e | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:15.521581888 CEST | 192.168.2.6 | 1.1.1.1 | 0x2a1a | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:20.524662018 CEST | 192.168.2.6 | 1.1.1.1 | 0x7bfa | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:26.441509008 CEST | 192.168.2.6 | 1.1.1.1 | 0x30b6 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:31.522006035 CEST | 192.168.2.6 | 1.1.1.1 | 0x9948 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:36.523988008 CEST | 192.168.2.6 | 1.1.1.1 | 0x64dd | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:41.549834967 CEST | 192.168.2.6 | 1.1.1.1 | 0xd8ec | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:46.522429943 CEST | 192.168.2.6 | 1.1.1.1 | 0x4943 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:51.521667957 CEST | 192.168.2.6 | 1.1.1.1 | 0xb4c0 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:06:56.522639036 CEST | 192.168.2.6 | 1.1.1.1 | 0x8cf7 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:07:01.621892929 CEST | 192.168.2.6 | 1.1.1.1 | 0xaabc | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:07:06.521840096 CEST | 192.168.2.6 | 1.1.1.1 | 0xbe02 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:07:11.524338961 CEST | 192.168.2.6 | 1.1.1.1 | 0x18d5 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:07:16.534588099 CEST | 192.168.2.6 | 1.1.1.1 | 0x9343 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:07:21.524012089 CEST | 192.168.2.6 | 1.1.1.1 | 0xd01 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
| Apr 17, 2024 02:07:26.533253908 CEST | 192.168.2.6 | 1.1.1.1 | 0x9a24 | Standard query (0) | illitmagnetic.site | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                                                                        Apr 17, 2024 02:07:31.523605108 CEST192.168.2.61.1.1.10xd749Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:07:36.629748106 CEST192.168.2.61.1.1.10xffe1Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:07:41.521924973 CEST192.168.2.61.1.1.10x258cStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:07:46.522247076 CEST192.168.2.61.1.1.10xe89fStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:07:51.521513939 CEST192.168.2.61.1.1.10xe0c4Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:07:56.522044897 CEST192.168.2.61.1.1.10xc77bStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:01.535811901 CEST192.168.2.61.1.1.10x9c1fStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:06.522021055 CEST192.168.2.61.1.1.10x2dc8Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:11.522027969 CEST192.168.2.61.1.1.10xc322Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:16.522149086 CEST192.168.2.61.1.1.10x45baStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:21.521823883 CEST192.168.2.61.1.1.10x85deStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:26.530109882 CEST192.168.2.61.1.1.10xc291Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:32.525089979 CEST192.168.2.61.1.1.10x36caStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:37.521843910 CEST192.168.2.61.1.1.10xc528Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:42.543356895 CEST192.168.2.61.1.1.10x4c98Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:47.522403955 CEST192.168.2.61.1.1.10x4142Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:52.521410942 CEST192.168.2.61.1.1.10xb024Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:08:57.522104979 CEST192.168.2.61.1.1.10x9fb3Standard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Apr 17, 2024 02:09:03.214350939 CEST192.168.2.61.1.1.10x44ebStandard query (0)illitmagnetic.siteA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                        • chrome.cloudflare-dns.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49712 | 172.64.41.3 | 443 | 2188 | C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-17 00:05:39 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-04-17 00:05:40 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        Date: Wed, 17 Apr 2024 00:05:40 GMT
                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                        CF-RAY: 87582a2d0ff4507d-ATL
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-04-17 00:05:40 UTC | 468 | IN | Data Ascii: wwwgstaticcomV@^)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49715 | 162.159.61.3 | 443 | 5280 | C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-17 00:05:46 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                        Content-Type: application/dns-message
2024-04-17 00:05:46 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-04-17 00:05:47 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        Date: Wed, 17 Apr 2024 00:05:47 GMT
                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                        CF-RAY: 87582a59cc666a7b-ATL
                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-04-17 00:05:47 UTC | 468 | IN | Data Ascii: wwwgstaticcom^)


                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                        Start time:02:04:58
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\nsis-installer.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\nsis-installer.exe"
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:78'057'262 bytes
                                                                                                                                                                                                                        MD5 hash:85AEA19A596F59D0DBF368F99BE6A139
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                        Start time:02:04:58
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv | %SYSTEMROOT%\System32\find.exe "SerenityTherapyInstaller.exe"
                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                        Start time:02:04:58
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                        Start time:02:04:59
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq SerenityTherapyInstaller.exe" /FO csv
                                                                                                                                                                                                                        Imagebase:0x430000
                                                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                        Start time:02:04:59
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\find.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\System32\find.exe "SerenityTherapyInstaller.exe"
                                                                                                                                                                                                                        Imagebase:0x1b0000
                                                                                                                                                                                                                        File size:14'848 bytes
                                                                                                                                                                                                                        MD5 hash:15B158BC998EEF74CFDD27C44978AEA0
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                        Start time:02:05:20
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe"
                                                                                                                                                                                                                        Imagebase:0x730000
                                                                                                                                                                                                                        File size:138'321'408 bytes
                                                                                                                                                                                                                        MD5 hash:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
• Detection: 3%, Virustotal
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                        Start time:02:05:22
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "chcp"
                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                        Start time:02:05:23
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                        Start time:02:05:23
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\chcp.com
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:chcp
                                                                                                                                                                                                                        Imagebase:0xb70000
                                                                                                                                                                                                                        File size:12'800 bytes
                                                                                                                                                                                                                        MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                        Start time:02:05:23
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                        Start time:02:05:23
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                        Start time:02:05:23
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                        Imagebase:0x430000
                                                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:17
                                                                                                                                                                                                                        Start time:02:05:24
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                        Start time:02:05:24
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                                        Start time:02:05:24
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                        Imagebase:0x9b0000
                                                                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                                        Start time:02:05:24
Start date:17/04/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x9b0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:02:05:24
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:02:05:24
Start date:17/04/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x9b0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:02:05:24
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:02:05:24
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:02:05:25
Start date:17/04/2024
Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:0x730000
File size:138'321'408 bytes
MD5 hash:D05989CE9BE7EA67632845FA837299C9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:26
Start time:02:05:29
Start date:17/04/2024
Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=2144 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Imagebase:0x730000
File size:138'321'408 bytes
MD5 hash:D05989CE9BE7EA67632845FA837299C9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:27
Start time:02:05:29
Start date:17/04/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:02:05:29
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:02:05:29
Start date:17/04/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Imagebase:0xe10000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:02:05:34
Start date:17/04/2024
Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe"
Imagebase:0x730000
File size:138'321'408 bytes
MD5 hash:D05989CE9BE7EA67632845FA837299C9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                                        Start time:02:05:36
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "chcp"
                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:33
                                                                                                                                                                                                                        Start time:02:05:36
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                        Start time:02:05:36
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\chcp.com
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:chcp
                                                                                                                                                                                                                        Imagebase:0xb70000
                                                                                                                                                                                                                        File size:12'800 bytes
                                                                                                                                                                                                                        MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                                        Start time:02:05:36
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:36
                                                                                                                                                                                                                        Start time:02:05:36
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                                        Start time:02:05:36
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:tasklist
                                                                                                                                                                                                                        Imagebase:0x430000
                                                                                                                                                                                                                        File size:79'360 bytes
                                                                                                                                                                                                                        MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:38
                                                                                                                                                                                                                        Start time:02:05:37
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
                                                                                                                                                                                                                        Imagebase:0x1c0000
                                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:39
                                                                                                                                                                                                                        Start time:02:05:37
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff66e660000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:40
                                                                                                                                                                                                                        Start time:02:05:37
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                        Imagebase:0x9b0000
                                                                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

Target ID:41
Start time:02:05:37
Start date:17/04/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x9b0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:02:05:37
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:02:05:37
Start date:17/04/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x9b0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:02:05:37
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:02:05:37
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:02:05:39
Start date:17/04/2024
Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:0x730000
File size:138'321'408 bytes
MD5 hash:D05989CE9BE7EA67632845FA837299C9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:47
Start time:02:05:40
Start date:17/04/2024
Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --mojo-platform-channel-handle=1808 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Imagebase:0x730000
File size:138'321'408 bytes
MD5 hash:D05989CE9BE7EA67632845FA837299C9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:49
Start time:02:05:42
Start date:17/04/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Imagebase:0x1c0000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:50
Start time:02:05:42
Start date:17/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:02:05:42
Start date:17/04/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Imagebase:0xe10000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                        Target ID:52
                                                                                                                                                                                                                        Start time:02:07:25
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 --field-trial-handle=1976,i,9719428906805688631,3168165960160999559,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                                                                        Imagebase:0x730000
                                                                                                                                                                                                                        File size:138'321'408 bytes
                                                                                                                                                                                                                        MD5 hash:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                                        Start time:02:07:38
                                                                                                                                                                                                                        Start date:17/04/2024
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\SerenityTherapyInstaller\SerenityTherapyInstaller.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\SerenityTherapyInstaller" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=944 --field-trial-handle=1916,i,2428637527847521265,8401632774138072131,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                                                                        Imagebase:0x730000
                                                                                                                                                                                                                        File size:138'321'408 bytes
                                                                                                                                                                                                                        MD5 hash:D05989CE9BE7EA67632845FA837299C9
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:27%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                          Signature Coverage:20.2%
                                                                                                                                                                                                                          Total number of Nodes:1333
                                                                                                                                                                                                                          Total number of Limit Nodes:35
4061->4062 4065 401f31 4063->4065 4065->4061 4067 406201 wsprintfW 4065->4067 4067->4061 4068 40190c 4069 401943 4068->4069 4070 402c41 17 API calls 4069->4070 4071 401948 4070->4071 4072 4059cc 67 API calls 4071->4072 4073 401951 4072->4073 4074 40230c 4075 402314 4074->4075 4077 40231a 4074->4077 4076 402c41 17 API calls 4075->4076 4076->4077 4078 402328 4077->4078 4080 402c41 17 API calls 4077->4080 4079 402336 4078->4079 4081 402c41 17 API calls 4078->4081 4082 402c41 17 API calls 4079->4082 4080->4078 4081->4079 4083 40233f WritePrivateProfileStringW 4082->4083 4084 401f8c 4085 402c41 17 API calls 4084->4085 4086 401f93 4085->4086 4087 406694 5 API calls 4086->4087 4088 401fa2 4087->4088 4089 402026 4088->4089 4090 401fbe GlobalAlloc 4088->4090 4090->4089 4091 401fd2 4090->4091 4092 406694 5 API calls 4091->4092 4093 401fd9 4092->4093 4094 406694 5 API calls 4093->4094 4095 401fe3 4094->4095 4095->4089 4099 406201 wsprintfW 4095->4099 4097 402018 4100 406201 wsprintfW 4097->4100 4099->4097 4100->4089 4101 40238e 4102 4023c1 4101->4102 4103 402396 4101->4103 4105 402c41 17 API calls 4102->4105 4104 402c81 17 API calls 4103->4104 4107 40239d 4104->4107 4106 4023c8 4105->4106 4112 402cff 4106->4112 4109 4023d5 4107->4109 4110 402c41 17 API calls 4107->4110 4111 4023ae RegDeleteValueW RegCloseKey 4110->4111 4111->4109 4113 402d13 4112->4113 4115 402d0c 4112->4115 4113->4115 4116 402d44 4113->4116 4115->4109 4117 406127 RegOpenKeyExW 4116->4117 4118 402d72 4117->4118 4119 402d98 RegEnumKeyW 4118->4119 4120 402daf RegCloseKey 4118->4120 4121 402dd0 RegCloseKey 4118->4121 4123 402d44 6 API calls 4118->4123 4126 402dc3 4118->4126 4119->4118 4119->4120 4122 406694 5 API calls 4120->4122 4121->4126 4124 402dbf 4122->4124 4123->4118 4125 402de0 RegDeleteKeyW 4124->4125 4124->4126 4125->4126 4126->4115 3363 40338f SetErrorMode GetVersion 3364 4033ce 3363->3364 3365 4033d4 3363->3365 3366 406694 5 API calls 3364->3366 3367 406624 3 API calls 3365->3367 3366->3365 3368 
4033ea lstrlenA 3367->3368 3368->3365 3369 4033fa 3368->3369 3370 406694 5 API calls 3369->3370 3371 403401 3370->3371 3372 406694 5 API calls 3371->3372 3373 403408 3372->3373 3374 406694 5 API calls 3373->3374 3375 403414 #17 OleInitialize SHGetFileInfoW 3374->3375 3453 4062ba lstrcpynW 3375->3453 3378 403460 GetCommandLineW 3454 4062ba lstrcpynW 3378->3454 3380 403472 3381 405bbc CharNextW 3380->3381 3382 403497 CharNextW 3381->3382 3383 4035c1 GetTempPathW 3382->3383 3394 4034b0 3382->3394 3455 40335e 3383->3455 3385 4035d9 3386 403633 DeleteFileW 3385->3386 3387 4035dd GetWindowsDirectoryW lstrcatW 3385->3387 3465 402edd GetTickCount GetModuleFileNameW 3386->3465 3388 40335e 12 API calls 3387->3388 3391 4035f9 3388->3391 3389 405bbc CharNextW 3389->3394 3391->3386 3393 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3391->3393 3392 403647 3395 4036fe ExitProcess OleUninitialize 3392->3395 3404 405bbc CharNextW 3392->3404 3436 4036ea 3392->3436 3396 40335e 12 API calls 3393->3396 3394->3389 3397 4035ac 3394->3397 3398 4035aa 3394->3398 3399 403834 3395->3399 3400 403714 3395->3400 3402 40362b 3396->3402 3549 4062ba lstrcpynW 3397->3549 3398->3383 3401 40383c GetCurrentProcess OpenProcessToken 3399->3401 3411 4038b8 ExitProcess 3399->3411 3406 405920 MessageBoxIndirectW 3400->3406 3408 403854 LookupPrivilegeValueW AdjustTokenPrivileges 3401->3408 3409 403888 3401->3409 3402->3386 3402->3395 3420 403666 3404->3420 3407 403722 ExitProcess 3406->3407 3408->3409 3413 406694 5 API calls 3409->3413 3410 4036fa 3410->3395 3416 40388f 3413->3416 3414 4036c4 3418 405c97 18 API calls 3414->3418 3415 40372a 3417 40588b 5 API calls 3415->3417 3419 4038a4 ExitWindowsEx 3416->3419 3423 4038b1 3416->3423 3421 40372f lstrcatW 3417->3421 3422 4036d0 3418->3422 3419->3411 3419->3423 3420->3414 3420->3415 3424 403740 lstrcatW 3421->3424 3425 40374b lstrcatW lstrcmpiW 3421->3425 3422->3395 3550 4062ba lstrcpynW 3422->3550 3557 40140b 3423->3557 
3424->3425 3425->3395 3427 403767 3425->3427 3429 403773 3427->3429 3430 40376c 3427->3430 3434 40586e 2 API calls 3429->3434 3432 4057f1 4 API calls 3430->3432 3431 4036df 3551 4062ba lstrcpynW 3431->3551 3435 403771 3432->3435 3437 403778 SetCurrentDirectoryW 3434->3437 3435->3437 3493 4039aa 3436->3493 3438 403793 3437->3438 3439 403788 3437->3439 3553 4062ba lstrcpynW 3438->3553 3552 4062ba lstrcpynW 3439->3552 3442 4062dc 17 API calls 3443 4037d2 DeleteFileW 3442->3443 3444 4037df CopyFileW 3443->3444 3450 4037a1 3443->3450 3444->3450 3445 403828 3446 406080 36 API calls 3445->3446 3448 40382f 3446->3448 3447 406080 36 API calls 3447->3450 3448->3395 3449 4062dc 17 API calls 3449->3450 3450->3442 3450->3445 3450->3447 3450->3449 3452 403813 CloseHandle 3450->3452 3554 4058a3 CreateProcessW 3450->3554 3452->3450 3453->3378 3454->3380 3456 40654e 5 API calls 3455->3456 3458 40336a 3456->3458 3457 403374 3457->3385 3458->3457 3459 405b8f 3 API calls 3458->3459 3460 40337c 3459->3460 3461 40586e 2 API calls 3460->3461 3462 403382 3461->3462 3560 405ddf 3462->3560 3564 405db0 GetFileAttributesW CreateFileW 3465->3564 3467 402f1d 3492 402f2d 3467->3492 3565 4062ba lstrcpynW 3467->3565 3469 402f43 3470 405bdb 2 API calls 3469->3470 3471 402f49 3470->3471 3566 4062ba lstrcpynW 3471->3566 3473 402f54 GetFileSize 3474 403050 3473->3474 3491 402f6b 3473->3491 3567 402e79 3474->3567 3476 403059 3478 403089 GlobalAlloc 3476->3478 3476->3492 3579 403347 SetFilePointer 3476->3579 3477 403331 ReadFile 3477->3491 3578 403347 SetFilePointer 3478->3578 3480 4030bc 3482 402e79 6 API calls 3480->3482 3482->3492 3483 403072 3485 403331 ReadFile 3483->3485 3484 4030a4 3486 403116 31 API calls 3484->3486 3487 40307d 3485->3487 3489 4030b0 3486->3489 3487->3478 3487->3492 3488 402e79 6 API calls 3488->3491 3489->3489 3490 4030ed SetFilePointer 3489->3490 3489->3492 3490->3492 3491->3474 3491->3477 3491->3480 3491->3488 3491->3492 3492->3392 3494 406694 5 API calls 3493->3494 3495 
4039be 3494->3495 3496 4039c4 3495->3496 3497 4039d6 3495->3497 3592 406201 wsprintfW 3496->3592 3498 406188 3 API calls 3497->3498 3499 403a06 3498->3499 3501 403a25 lstrcatW 3499->3501 3503 406188 3 API calls 3499->3503 3502 4039d4 3501->3502 3584 403c80 3502->3584 3503->3501 3506 405c97 18 API calls 3507 403a57 3506->3507 3508 403aeb 3507->3508 3510 406188 3 API calls 3507->3510 3509 405c97 18 API calls 3508->3509 3511 403af1 3509->3511 3512 403a89 3510->3512 3513 403b01 LoadImageW 3511->3513 3514 4062dc 17 API calls 3511->3514 3512->3508 3517 403aaa lstrlenW 3512->3517 3520 405bbc CharNextW 3512->3520 3515 403ba7 3513->3515 3516 403b28 RegisterClassW 3513->3516 3514->3513 3519 40140b 2 API calls 3515->3519 3518 403b5e SystemParametersInfoW CreateWindowExW 3516->3518 3548 403bb1 3516->3548 3521 403ab8 lstrcmpiW 3517->3521 3522 403ade 3517->3522 3518->3515 3523 403bad 3519->3523 3524 403aa7 3520->3524 3521->3522 3525 403ac8 GetFileAttributesW 3521->3525 3526 405b8f 3 API calls 3522->3526 3528 403c80 18 API calls 3523->3528 3523->3548 3524->3517 3527 403ad4 3525->3527 3529 403ae4 3526->3529 3527->3522 3531 405bdb 2 API calls 3527->3531 3532 403bbe 3528->3532 3593 4062ba lstrcpynW 3529->3593 3531->3522 3533 403bca ShowWindow 3532->3533 3534 403c4d 3532->3534 3535 406624 3 API calls 3533->3535 3536 4053f5 5 API calls 3534->3536 3537 403be2 3535->3537 3538 403c53 3536->3538 3539 403bf0 GetClassInfoW 3537->3539 3542 406624 3 API calls 3537->3542 3540 403c57 3538->3540 3541 403c6f 3538->3541 3544 403c04 GetClassInfoW RegisterClassW 3539->3544 3545 403c1a DialogBoxParamW 3539->3545 3546 40140b 2 API calls 3540->3546 3540->3548 3543 40140b 2 API calls 3541->3543 3542->3539 3543->3548 3544->3545 3547 40140b 2 API calls 3545->3547 3546->3548 3547->3548 3548->3410 3549->3398 3550->3431 3551->3436 3552->3438 3553->3450 3555 4058e2 3554->3555 3556 4058d6 CloseHandle 3554->3556 3555->3450 3556->3555 3558 401389 2 API calls 3557->3558 3559 401420 3558->3559 3559->3411 3561 
405dec GetTickCount GetTempFileNameW 3560->3561 3562 405e22 3561->3562 3563 40338d 3561->3563 3562->3561 3562->3563 3563->3385 3564->3467 3565->3469 3566->3473 3568 402e82 3567->3568 3569 402e9a 3567->3569 3570 402e92 3568->3570 3571 402e8b DestroyWindow 3568->3571 3572 402ea2 3569->3572 3573 402eaa GetTickCount 3569->3573 3570->3476 3571->3570 3580 4066d0 3572->3580 3575 402eb8 CreateDialogParamW ShowWindow 3573->3575 3576 402edb 3573->3576 3575->3576 3576->3476 3578->3484 3579->3483 3581 4066ed PeekMessageW 3580->3581 3582 4066e3 DispatchMessageW 3581->3582 3583 402ea8 3581->3583 3582->3581 3583->3476 3585 403c94 3584->3585 3594 406201 wsprintfW 3585->3594 3587 403d05 3595 403d39 3587->3595 3589 403d0a 3590 403a35 3589->3590 3591 4062dc 17 API calls 3589->3591 3590->3506 3591->3589 3592->3502 3593->3508 3594->3587 3596 4062dc 17 API calls 3595->3596 3597 403d47 SetWindowTextW 3596->3597 3597->3589 4127 40190f 4128 402c41 17 API calls 4127->4128 4129 401916 4128->4129 4130 405920 MessageBoxIndirectW 4129->4130 4131 40191f 4130->4131 4132 401491 4133 405322 24 API calls 4132->4133 4134 401498 4133->4134 4135 401d14 4136 402c1f 17 API calls 4135->4136 4137 401d1b 4136->4137 4138 402c1f 17 API calls 4137->4138 4139 401d27 GetDlgItem 4138->4139 4140 402592 4139->4140 4141 405296 4142 4052a6 4141->4142 4143 4052ba 4141->4143 4145 4052ac 4142->4145 4153 405303 4142->4153 4144 4052c2 IsWindowVisible 4143->4144 4147 4052d9 4143->4147 4146 4052cf 4144->4146 4144->4153 4149 40427d SendMessageW 4145->4149 4154 404bec SendMessageW 4146->4154 4148 405308 CallWindowProcW 4147->4148 4159 404c6c 4147->4159 4150 4052b6 4148->4150 4149->4150 4153->4148 4155 404c4b SendMessageW 4154->4155 4156 404c0f GetMessagePos ScreenToClient SendMessageW 4154->4156 4157 404c43 4155->4157 4156->4157 4158 404c48 4156->4158 4157->4147 4158->4155 4168 4062ba lstrcpynW 4159->4168 4161 404c7f 4169 406201 wsprintfW 4161->4169 4163 404c89 4164 40140b 2 API calls 4163->4164 4165 404c92 4164->4165 4170 
4062ba lstrcpynW 4165->4170 4167 404c99 4167->4153 4168->4161 4169->4163 4170->4167 4171 402598 4172 4025c7 4171->4172 4173 4025ac 4171->4173 4175 4025fb 4172->4175 4176 4025cc 4172->4176 4174 402c1f 17 API calls 4173->4174 4181 4025b3 4174->4181 4178 402c41 17 API calls 4175->4178 4177 402c41 17 API calls 4176->4177 4179 4025d3 WideCharToMultiByte lstrlenA 4177->4179 4180 402602 lstrlenW 4178->4180 4179->4181 4180->4181 4182 40262f 4181->4182 4183 402645 4181->4183 4185 405e91 5 API calls 4181->4185 4182->4183 4184 405e62 WriteFile 4182->4184 4184->4183 4185->4182 4186 404c9e GetDlgItem GetDlgItem 4187 404cf0 7 API calls 4186->4187 4194 404f09 4186->4194 4188 404d93 DeleteObject 4187->4188 4189 404d86 SendMessageW 4187->4189 4190 404d9c 4188->4190 4189->4188 4192 404dd3 4190->4192 4193 4062dc 17 API calls 4190->4193 4191 404fed 4196 405099 4191->4196 4207 405046 SendMessageW 4191->4207 4229 404efc 4191->4229 4195 404231 18 API calls 4192->4195 4198 404db5 SendMessageW SendMessageW 4193->4198 4194->4191 4197 404f7a 4194->4197 4205 404bec 5 API calls 4194->4205 4201 404de7 4195->4201 4199 4050a3 SendMessageW 4196->4199 4200 4050ab 4196->4200 4197->4191 4203 404fdf SendMessageW 4197->4203 4198->4190 4199->4200 4204 4050d4 4200->4204 4209 4050c4 4200->4209 4210 4050bd ImageList_Destroy 4200->4210 4206 404231 18 API calls 4201->4206 4202 404298 8 API calls 4208 40528f 4202->4208 4203->4191 4212 405243 4204->4212 4228 404c6c 4 API calls 4204->4228 4233 40510f 4204->4233 4205->4197 4211 404df5 4206->4211 4213 40505b SendMessageW 4207->4213 4207->4229 4209->4204 4214 4050cd GlobalFree 4209->4214 4210->4209 4215 404eca GetWindowLongW SetWindowLongW 4211->4215 4222 404ec4 4211->4222 4225 404e45 SendMessageW 4211->4225 4226 404e81 SendMessageW 4211->4226 4227 404e92 SendMessageW 4211->4227 4216 405255 ShowWindow GetDlgItem ShowWindow 4212->4216 4212->4229 4218 40506e 4213->4218 4214->4204 4217 404ee3 4215->4217 4216->4229 4219 404f01 4217->4219 4220 404ee9 ShowWindow 
4217->4220 4221 40507f SendMessageW 4218->4221 4238 404266 SendMessageW 4219->4238 4237 404266 SendMessageW 4220->4237 4221->4196 4222->4215 4222->4217 4225->4211 4226->4211 4227->4211 4228->4233 4229->4202 4230 405219 InvalidateRect 4230->4212 4231 40522f 4230->4231 4239 404ba7 4231->4239 4232 40513d SendMessageW 4236 405153 4232->4236 4233->4232 4233->4236 4235 4051c7 SendMessageW SendMessageW 4235->4236 4236->4230 4236->4235 4237->4229 4238->4194 4242 404ade 4239->4242 4241 404bbc 4241->4212 4243 404af7 4242->4243 4244 4062dc 17 API calls 4243->4244 4245 404b5b 4244->4245 4246 4062dc 17 API calls 4245->4246 4247 404b66 4246->4247 4248 4062dc 17 API calls 4247->4248 4249 404b7c lstrlenW wsprintfW SetDlgItemTextW 4248->4249 4249->4241 4250 40149e 4251 4022f7 4250->4251 4252 4014ac PostQuitMessage 4250->4252 4252->4251 3750 401c1f 3751 402c1f 17 API calls 3750->3751 3752 401c26 3751->3752 3753 402c1f 17 API calls 3752->3753 3754 401c33 3753->3754 3755 401c48 3754->3755 3757 402c41 17 API calls 3754->3757 3756 401c58 3755->3756 3758 402c41 17 API calls 3755->3758 3759 401c63 3756->3759 3760 401caf 3756->3760 3757->3755 3758->3756 3761 402c1f 17 API calls 3759->3761 3762 402c41 17 API calls 3760->3762 3763 401c68 3761->3763 3764 401cb4 3762->3764 3765 402c1f 17 API calls 3763->3765 3766 402c41 17 API calls 3764->3766 3767 401c74 3765->3767 3768 401cbd FindWindowExW 3766->3768 3769 401c81 SendMessageTimeoutW 3767->3769 3770 401c9f SendMessageW 3767->3770 3771 401cdf 3768->3771 3769->3771 3770->3771 4253 402aa0 SendMessageW 4254 402ac5 4253->4254 4255 402aba InvalidateRect 4253->4255 4255->4254 4256 402821 4257 402827 4256->4257 4258 402ac5 4257->4258 4259 40282f FindClose 4257->4259 4259->4258 4260 4043a1 lstrlenW 4261 4043c0 4260->4261 4262 4043c2 WideCharToMultiByte 4260->4262 4261->4262 4263 404722 4264 40474e 4263->4264 4265 40475f 4263->4265 4324 405904 GetDlgItemTextW 4264->4324 4267 40476b GetDlgItem 4265->4267 4273 4047ca 4265->4273 4269 40477f 4267->4269 4268 
404759 4271 40654e 5 API calls 4268->4271 4272 404793 SetWindowTextW 4269->4272 4280 405c3a 4 API calls 4269->4280 4270 4048ae 4274 404a5d 4270->4274 4326 405904 GetDlgItemTextW 4270->4326 4271->4265 4276 404231 18 API calls 4272->4276 4273->4270 4273->4274 4277 4062dc 17 API calls 4273->4277 4279 404298 8 API calls 4274->4279 4281 4047af 4276->4281 4282 40483e SHBrowseForFolderW 4277->4282 4278 4048de 4283 405c97 18 API calls 4278->4283 4284 404a71 4279->4284 4285 404789 4280->4285 4286 404231 18 API calls 4281->4286 4282->4270 4287 404856 CoTaskMemFree 4282->4287 4288 4048e4 4283->4288 4285->4272 4291 405b8f 3 API calls 4285->4291 4289 4047bd 4286->4289 4290 405b8f 3 API calls 4287->4290 4327 4062ba lstrcpynW 4288->4327 4325 404266 SendMessageW 4289->4325 4293 404863 4290->4293 4291->4272 4296 40489a SetDlgItemTextW 4293->4296 4300 4062dc 17 API calls 4293->4300 4295 4047c3 4298 406694 5 API calls 4295->4298 4296->4270 4297 4048fb 4299 406694 5 API calls 4297->4299 4298->4273 4307 404902 4299->4307 4301 404882 lstrcmpiW 4300->4301 4301->4296 4304 404893 lstrcatW 4301->4304 4302 404943 4328 4062ba lstrcpynW 4302->4328 4304->4296 4305 40494a 4306 405c3a 4 API calls 4305->4306 4308 404950 GetDiskFreeSpaceW 4306->4308 4307->4302 4310 405bdb 2 API calls 4307->4310 4312 40499b 4307->4312 4311 404974 MulDiv 4308->4311 4308->4312 4310->4307 4311->4312 4313 404a0c 4312->4313 4314 404ba7 20 API calls 4312->4314 4315 404a2f 4313->4315 4317 40140b 2 API calls 4313->4317 4316 4049f9 4314->4316 4329 404253 KiUserCallbackDispatcher 4315->4329 4319 404a0e SetDlgItemTextW 4316->4319 4320 4049fe 4316->4320 4317->4315 4319->4313 4322 404ade 20 API calls 4320->4322 4321 404a4b 4321->4274 4323 40467b SendMessageW 4321->4323 4322->4313 4323->4274 4324->4268 4325->4295 4326->4278 4327->4297 4328->4305 4329->4321 4330 4015a3 4331 402c41 17 API calls 4330->4331 4332 4015aa SetFileAttributesW 4331->4332 4333 4015bc 4332->4333 4334 4029a8 4335 402c1f 17 API calls 4334->4335 4336 4029ae 
4335->4336 4337 4029d5 4336->4337 4338 4029ee 4336->4338 4346 40288b 4336->4346 4341 4029da 4337->4341 4347 4029eb 4337->4347 4339 402a08 4338->4339 4340 4029f8 4338->4340 4343 4062dc 17 API calls 4339->4343 4342 402c1f 17 API calls 4340->4342 4348 4062ba lstrcpynW 4341->4348 4342->4347 4343->4347 4347->4346 4349 406201 wsprintfW 4347->4349 4348->4346 4349->4346 4350 4028ad 4351 402c41 17 API calls 4350->4351 4353 4028bb 4351->4353 4352 4028d1 4355 405d8b 2 API calls 4352->4355 4353->4352 4354 402c41 17 API calls 4353->4354 4354->4352 4356 4028d7 4355->4356 4378 405db0 GetFileAttributesW CreateFileW 4356->4378 4358 4028e4 4359 4028f0 GlobalAlloc 4358->4359 4360 402987 4358->4360 4363 402909 4359->4363 4364 40297e CloseHandle 4359->4364 4361 4029a2 4360->4361 4362 40298f DeleteFileW 4360->4362 4362->4361 4379 403347 SetFilePointer 4363->4379 4364->4360 4366 40290f 4367 403331 ReadFile 4366->4367 4368 402918 GlobalAlloc 4367->4368 4369 402928 4368->4369 4370 40295c 4368->4370 4371 403116 31 API calls 4369->4371 4372 405e62 WriteFile 4370->4372 4374 402935 4371->4374 4373 402968 GlobalFree 4372->4373 4375 403116 31 API calls 4373->4375 4376 402953 GlobalFree 4374->4376 4377 40297b 4375->4377 4376->4370 4377->4364 4378->4358 4379->4366 4380 401a30 4381 402c41 17 API calls 4380->4381 4382 401a39 ExpandEnvironmentStringsW 4381->4382 4383 401a4d 4382->4383 4385 401a60 4382->4385 4384 401a52 lstrcmpW 4383->4384 4383->4385 4384->4385 3609 402032 3610 402044 3609->3610 3620 4020f6 3609->3620 3611 402c41 17 API calls 3610->3611 3613 40204b 3611->3613 3612 401423 24 API calls 3614 402250 3612->3614 3615 402c41 17 API calls 3613->3615 3616 402054 3615->3616 3617 40206a LoadLibraryExW 3616->3617 3618 40205c GetModuleHandleW 3616->3618 3619 40207b 3617->3619 3617->3620 3618->3617 3618->3619 3629 406703 WideCharToMultiByte 3619->3629 3620->3612 3623 4020c5 3625 405322 24 API calls 3623->3625 3624 40208c 3626 401423 24 API calls 3624->3626 3627 40209c 3624->3627 3625->3627 
3626->3627 3627->3614 3628 4020e8 FreeLibrary 3627->3628 3628->3614 3630 40672d GetProcAddress 3629->3630 3631 402086 3629->3631 3630->3631 3631->3623 3631->3624 4391 401735 4392 402c41 17 API calls 4391->4392 4393 40173c SearchPathW 4392->4393 4394 401757 4393->4394 4395 402a35 4396 402c1f 17 API calls 4395->4396 4397 402a3b 4396->4397 4398 402a72 4397->4398 4399 40288b 4397->4399 4401 402a4d 4397->4401 4398->4399 4400 4062dc 17 API calls 4398->4400 4400->4399 4401->4399 4403 406201 wsprintfW 4401->4403 4403->4399 4404 4014b8 4405 4014be 4404->4405 4406 401389 2 API calls 4405->4406 4407 4014c6 4406->4407 4408 401db9 GetDC 4409 402c1f 17 API calls 4408->4409 4410 401dcb GetDeviceCaps MulDiv ReleaseDC 4409->4410 4411 402c1f 17 API calls 4410->4411 4412 401dfc 4411->4412 4413 4062dc 17 API calls 4412->4413 4414 401e39 CreateFontIndirectW 4413->4414 4415 402592 4414->4415 4416 40283b 4417 402843 4416->4417 4418 402847 FindNextFileW 4417->4418 4421 402859 4417->4421 4419 4028a0 4418->4419 4418->4421 4422 4062ba lstrcpynW 4419->4422 4422->4421

Control-flow Graph (legend: Executed / Not Executed)
APIs
• SetErrorMode.KERNELBASE ref: 004033B2
• GetVersion.KERNEL32 ref: 004033B8
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
• OleInitialize.OLE32(00000000), ref: 0040342F
• SHGetFileInfoW.SHELL32(00440208,00000000,?,000002B4,00000000), ref: 0040344B
• GetCommandLineW.KERNEL32(00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403460
• CharNextW.USER32(00000000,004CB000,00000020,004CB000,00000000,?,00000006,00000008,0000000A), ref: 00403498
  • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
  • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
• GetTempPathW.KERNEL32(00002000,004DF000,?,00000006,00000008,0000000A), ref: 004035D2
• GetWindowsDirectoryW.KERNEL32(004DF000,00001FFB,?,00000006,00000008,0000000A), ref: 004035E3
• lstrcatW.KERNEL32(004DF000,\Temp), ref: 004035EF
• GetTempPathW.KERNEL32(00001FFC,004DF000,004DF000,\Temp,?,00000006,00000008,0000000A), ref: 00403603
• lstrcatW.KERNEL32(004DF000,Low), ref: 0040360B
• SetEnvironmentVariableW.KERNEL32(TEMP,004DF000,004DF000,Low,?,00000006,00000008,0000000A), ref: 0040361C
• SetEnvironmentVariableW.KERNEL32(TMP,004DF000,?,00000006,00000008,0000000A), ref: 00403624
• DeleteFileW.KERNELBASE(004DB000,?,00000006,00000008,0000000A), ref: 00403638
  • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
• ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 004036FE
• OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 00403703
• ExitProcess.KERNEL32 ref: 00403724
• lstrcatW.KERNEL32(004DF000,~nsu), ref: 00403737
• lstrcatW.KERNEL32(004DF000,0040A26C), ref: 00403746
• lstrcatW.KERNEL32(004DF000,.tmp), ref: 00403751
• lstrcmpiW.KERNEL32(004DF000,004D7000,004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040375D
• SetCurrentDirectoryW.KERNEL32(004DF000,004DF000,?,00000006,00000008,0000000A), ref: 00403779
• DeleteFileW.KERNEL32(0043C208,0043C208,?,0047B000,00000008,?,00000006,00000008,0000000A), ref: 004037D3
• CopyFileW.KERNEL32(004E7000,0043C208,00000001,?,00000006,00000008,0000000A), ref: 004037E7
• CloseHandle.KERNEL32(00000000,0043C208,0043C208,?,0043C208,00000000,?,00000006,00000008,0000000A), ref: 00403814
• GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403843
                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32 ref: 00403882
                                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 004038CA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                          • String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                          • API String ID: 424501083-3195845224
                                                                                                                                                                                                                          • Opcode ID: d8143391da9922f0f8fdd9eae6183e51d391a53b8ae8d145ad5f2599bc791527
                                                                                                                                                                                                                          • Instruction ID: 33fbdd78d52bfd04f2c73b4da217482bb076a8c6d1615cdfa2cd3638f3c4bec2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8143391da9922f0f8fdd9eae6183e51d391a53b8ae8d145ad5f2599bc791527
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45D1F471100310AAE720BF769D45B2B3AADEB4070AF10447FF885B62E1DBBD8D55876E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

[Figure: control-flow graph of the function at 405461; legend: Executed / Not Executed]
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 004054BF
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004054CE
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040550B
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 00405512
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 004055AE
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004055CF
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 004054DD
                                                                                                                                                                                                                            • Part of subcall function 00404266: SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405621
                                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00405636
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040565A
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 0040565F
                                                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 004056A9
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004056EE
                                                                                                                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00405722
                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040573B
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405783
                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 00405789
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004057E4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                          • String ID: {
                                                                                                                                                                                                                          • API String ID: 4154960007-366298937
                                                                                                                                                                                                                          • Opcode ID: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                                                          • Instruction ID: bae72a1d173c3811f2fd5642bc5838002141c6bee16c4b6d0499208050eeb164
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f5756e17ddf514bb7e58e27119461a6e63aa272c655e6837988b65713ff16ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CB12970900608FFDB119FA0DE89EAE7B79FB48354F00413AFA45A61A0CBB55E91DF58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 497 4059cc-4059f2 call 405c97 500 4059f4-405a06 DeleteFileW 497->500 501 405a0b-405a12 497->501 502 405b88-405b8c 500->502 503 405a14-405a16 501->503 504 405a25-405a35 call 4062ba 501->504 505 405b36-405b3b 503->505 506 405a1c-405a1f 503->506 510 405a44-405a45 call 405bdb 504->510 511 405a37-405a42 lstrcatW 504->511 505->502 509 405b3d-405b40 505->509 506->504 506->505 512 405b42-405b48 509->512 513 405b4a-405b52 call 4065fd 509->513 514 405a4a-405a4e 510->514 511->514 512->502 513->502 521 405b54-405b68 call 405b8f call 405984 513->521 517 405a50-405a58 514->517 518 405a5a-405a60 lstrcatW 514->518 517->518 520 405a65-405a81 lstrlenW FindFirstFileW 517->520 518->520 522 405a87-405a8f 520->522 523 405b2b-405b2f 520->523 537 405b80-405b83 call 405322 521->537 538 405b6a-405b6d 521->538 527 405a91-405a99 522->527 528 405aaf-405ac3 call 4062ba 522->528 523->505 526 405b31 523->526 526->505 531 405a9b-405aa3 527->531 532 405b0e-405b1e FindNextFileW 527->532 539 405ac5-405acd 528->539 540 405ada-405ae5 call 405984 528->540 531->528 533 405aa5-405aad 531->533 532->522 536 405b24-405b25 FindClose 532->536 533->528 533->532 536->523 537->502 538->512 541 405b6f-405b7e call 405322 call 406080 538->541 539->532 542 405acf-405ad3 call 4059cc 539->542 550 405b06-405b09 call 405322 540->550 551 405ae7-405aea 540->551 541->502 549 405ad8 542->549 549->532 550->532 554 405aec-405afc call 405322 call 406080 551->554 555 405afe-405b04 551->555 554->532 555->532
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,004DF000,76233420,00000000), ref: 004059F5
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00460250,\*.*), ref: 00405A3D
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014), ref: 00405A60
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,00460250,?,?,004DF000,76233420,00000000), ref: 00405A66
                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(00460250,?,?,?,0040A014,?,00460250,?,?,004DF000,76233420,00000000), ref: 00405A76
                                                                                                                                                                                                                          • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405B25
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                          • String ID: \*.*
                                                                                                                                                                                                                          • API String ID: 2035342205-1173974218
                                                                                                                                                                                                                          • Opcode ID: 381ae1539308b0fff5c23660480c7799636f68814d34eb948432fba1f876741c
                                                                                                                                                                                                                          • Instruction ID: 3baa02bdf70247edfb0f680676f8bffda79515ede8bd61e7e13478a9eee65f3b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 381ae1539308b0fff5c23660480c7799636f68814d34eb948432fba1f876741c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E141D430900914AACB21AB618C89ABF7778EF45369F10427FF801711D1D77CAD81DE6E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,76233420,004059EC,?,004DF000,76233420), ref: 00406608
                                                                                                                                                                                                                          • FindClose.KERNELBASE(00000000), ref: 00406614
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                          • Opcode ID: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                          • Instruction ID: 086872f0bf6ffc0fec3bf9e050170664210a11ef237051a194e92f35cf11c1a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7cd178be2e6469beafc72b660366141f3ce998a63a06fca00c04ee689428cf9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D012315455205BC7001B386E0C85B7B599F553317158F37F46AF51E0DB758C62869D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 542301482-0
                                                                                                                                                                                                                          • Opcode ID: 6add73535d334bbd10faeab47eb29d8a703edf5c42766cfe57afeb0baa1f3480
                                                                                                                                                                                                                          • Instruction ID: 6590b0d0bd135a94e5278e34c2007f8374f9804fe0c2ec815525577e7f77d17f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6add73535d334bbd10faeab47eb29d8a703edf5c42766cfe57afeb0baa1f3480
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01414C71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E0DBB99981CB44
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 188 403d58-403d6a 189 403d70-403d76 188->189 190 403eab-403eba 188->190 189->190 191 403d7c-403d85 189->191 192 403f09-403f1e 190->192 193 403ebc-403f04 GetDlgItem * 2 call 404231 SetClassLongW call 40140b 190->193 196 403d87-403d94 SetWindowPos 191->196 197 403d9a-403d9d 191->197 194 403f20-403f23 192->194 195 403f5e-403f63 call 40427d 192->195 193->192 199 403f25-403f30 call 401389 194->199 200 403f56-403f58 194->200 207 403f68-403f83 195->207 196->197 202 403db7-403dbd 197->202 203 403d9f-403db1 ShowWindow 197->203 199->200 221 403f32-403f51 SendMessageW 199->221 200->195 206 4041fe 200->206 208 403dd9-403ddc 202->208 209 403dbf-403dd4 DestroyWindow 202->209 203->202 214 404200-404207 206->214 212 403f85-403f87 call 40140b 207->212 213 403f8c-403f92 207->213 217 403dde-403dea SetWindowLongW 208->217 218 403def-403df5 208->218 215 4041db-4041e1 209->215 212->213 224 403f98-403fa3 213->224 225 4041bc-4041d5 DestroyWindow EndDialog 213->225 215->206 223 4041e3-4041e9 215->223 217->214 219 403e98-403ea6 call 404298 218->219 220 403dfb-403e0c GetDlgItem 218->220 219->214 226 403e2b-403e2e 220->226 227 403e0e-403e25 SendMessageW IsWindowEnabled 220->227 221->214 223->206 229 4041eb-4041f4 ShowWindow 223->229 224->225 230 403fa9-403ff6 call 4062dc call 404231 * 3 GetDlgItem 224->230 225->215 231 403e30-403e31 226->231 232 403e33-403e36 226->232 227->206 227->226 229->206 258 404000-40403c ShowWindow KiUserCallbackDispatcher call 404253 EnableWindow 230->258 259 403ff8-403ffd 230->259 235 403e61-403e66 call 40420a 231->235 236 403e44-403e49 232->236 237 403e38-403e3e 232->237 235->219 241 403e7f-403e92 SendMessageW 236->241 242 403e4b-403e51 236->242 240 403e40-403e42 237->240 237->241 240->235 241->219 246 403e53-403e59 call 40140b 
242->246 247 403e68-403e71 call 40140b 242->247 256 403e5f 246->256 247->219 255 403e73-403e7d 247->255 255->256 256->235 262 404041 258->262 263 40403e-40403f 258->263 259->258 264 404043-404071 GetSystemMenu EnableMenuItem SendMessageW 262->264 263->264 265 404073-404084 SendMessageW 264->265 266 404086 264->266 267 40408c-4040cb call 404266 call 403d39 call 4062ba lstrlenW call 4062dc SetWindowTextW call 401389 265->267 266->267 267->207 278 4040d1-4040d3 267->278 278->207 279 4040d9-4040dd 278->279 280 4040fc-404110 DestroyWindow 279->280 281 4040df-4040e5 279->281 280->215 282 404116-404143 CreateDialogParamW 280->282 281->206 283 4040eb-4040f1 281->283 282->215 284 404149-4041a0 call 404231 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 282->284 283->207 285 4040f7 283->285 284->206 290 4041a2-4041b5 ShowWindow call 40427d 284->290 285->206 292 4041ba 290->292 292->215
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403DB1
                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00403DC5
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403E02
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403E1D
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403ECB
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403ED5
                                                                                                                                                                                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00403EEF
                                                                                                                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403FE6
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00404007
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00404034
                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00404051
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404069
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00450248,?,00450248,00000000), ref: 004040A6
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00450248), ref: 004040BA
                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 004041EE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3282139019-0
                                                                                                                                                                                                                          • Opcode ID: fc0f4d7be1e4c82c86fade982caad82dc734dafc7249948e3003efd3e17736fb
                                                                                                                                                                                                                          • Instruction ID: ebd8885eb79f40fe398f9982bcc50e4b60f6275a3dc5f5776bcae5bce4ead0d0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc0f4d7be1e4c82c86fade982caad82dc734dafc7249948e3003efd3e17736fb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AFC1D5B1500304ABDB206F61EE88E2B3A78FB95346F00053EF645B51F1CB799891DB6E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 293 4039aa-4039c2 call 406694 296 4039c4-4039d4 call 406201 293->296 297 4039d6-403a0d call 406188 293->297 306 403a30-403a59 call 403c80 call 405c97 296->306 302 403a25-403a2b lstrcatW 297->302 303 403a0f-403a20 call 406188 297->303 302->306 303->302 311 403aeb-403af3 call 405c97 306->311 312 403a5f-403a64 306->312 318 403b01-403b26 LoadImageW 311->318 319 403af5-403afc call 4062dc 311->319 312->311 313 403a6a-403a92 call 406188 312->313 313->311 320 403a94-403a98 313->320 322 403ba7-403baf call 40140b 318->322 323 403b28-403b58 RegisterClassW 318->323 319->318 324 403aaa-403ab6 lstrlenW 320->324 325 403a9a-403aa7 call 405bbc 320->325 336 403bb1-403bb4 322->336 337 403bb9-403bc4 call 403c80 322->337 326 403c76 323->326 327 403b5e-403ba2 SystemParametersInfoW CreateWindowExW 323->327 331 403ab8-403ac6 lstrcmpiW 324->331 332 403ade-403ae6 call 405b8f call 4062ba 324->332 325->324 330 403c78-403c7f 326->330 327->322 331->332 335 403ac8-403ad2 GetFileAttributesW 331->335 332->311 339 403ad4-403ad6 335->339 340 403ad8-403ad9 call 405bdb 335->340 336->330 346 403bca-403be4 ShowWindow call 406624 337->346 347 403c4d-403c4e call 4053f5 337->347 339->332 339->340 340->332 352 403bf0-403c02 GetClassInfoW 346->352 353 403be6-403beb call 406624 346->353 351 403c53-403c55 347->351 354 403c57-403c5d 351->354 355 403c6f-403c71 call 40140b 351->355 359 403c04-403c14 GetClassInfoW RegisterClassW 352->359 360 403c1a-403c3d DialogBoxParamW call 40140b 352->360 353->352 354->336 356 403c63-403c6a call 40140b 354->356 355->326 356->336 359->360 364 403c42-403c4b call 4038fa 360->364 364->330
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                            • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DB000,00450248), ref: 00403A2B
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000), ref: 00403AAB
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000), ref: 00403ABE
                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(Remove folder: ), ref: 00403AC9
                                                                                                                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004CF000), ref: 00403B12
                                                                                                                                                                                                                            • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                                                                                                                                                                                                          • RegisterClassW.USER32(00472E80), ref: 00403B4F
                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B67
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,00472E80), ref: 00403BFE
                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,00472E80), ref: 00403C0B
                                                                                                                                                                                                                          • RegisterClassW.USER32(00472E80), ref: 00403C14
                                                                                                                                                                                                                          • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                          • API String ID: 1975747703-564491471
                                                                                                                                                                                                                          • Opcode ID: f1b2be5f89fac0cbf9958f47fdf3d8daba4c0bfed37b59ff3d0d792caf125e20
                                                                                                                                                                                                                          • Instruction ID: e946f9b6b947081a315c1f95bc525aa973ad4f651662e5f5477bf26fdb3bf1de
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1b2be5f89fac0cbf9958f47fdf3d8daba4c0bfed37b59ff3d0d792caf125e20
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B361C8302407007ED720AF669E45E2B3A6CEB8474AF40417FF985B51E2DBBD5951CB2E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(Remove folder: ,00002000), ref: 0040641D
                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00002000,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000), ref: 00406430
                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(00405359,0042CE00,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000), ref: 0040646C
                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(0042CE00,Remove folder: ), ref: 0040647A
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(0042CE00), ref: 00406485
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000), ref: 00406503
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                                          • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                          • API String ID: 717251189-781215667
                                                                                                                                                                                                                          • Opcode ID: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                          • Instruction ID: deb4280fb9253f119c0dee44fead77f8699473dbe43bed35a1e393a154a8df3c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 412c271bb9d070f278564469311d6f605cf1b48e62db3e13451b1dc2679c3c4f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87612371A00115AADF209F64DC44BAE37A5EF45318F22803FE907B62D0D77D9AA1C75E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,004E7000,00002000,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004EB000,00000000,004D7000,004D7000,004E7000,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Inst, xrefs: 00402FC2
                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                                                                                                          • Error launching installer, xrefs: 00402F2D
                                                                                                                                                                                                                          • soft, xrefs: 00402FCB
                                                                                                                                                                                                                          • Null, xrefs: 00402FD4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                          • API String ID: 4283519449-527102705
                                                                                                                                                                                                                          • Opcode ID: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                          • Instruction ID: d807cc789e5c0b6659aec278a7977cb1897ccc82e3fedab9e592eb30a9b28e48
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23511671901205ABDB20AF61DD85B9F7FACEB0431AF20403BF914B62D5C7789E818B9D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 561 40176f-401794 call 402c41 call 405c06 566 401796-40179c call 4062ba 561->566 567 40179e-4017b0 call 4062ba call 405b8f lstrcatW 561->567 572 4017b5-4017b6 call 40654e 566->572 567->572 576 4017bb-4017bf 572->576 577 4017c1-4017cb call 4065fd 576->577 578 4017f2-4017f5 576->578 586 4017dd-4017ef 577->586 587 4017cd-4017db CompareFileTime 577->587 580 4017f7-4017f8 call 405d8b 578->580 581 4017fd-401819 call 405db0 578->581 580->581 588 40181b-40181e 581->588 589 40188d-4018b6 call 405322 call 403116 581->589 586->578 587->586 590 401820-40185e call 4062ba * 2 call 4062dc call 4062ba call 405920 588->590 591 40186f-401879 call 405322 588->591 603 4018b8-4018bc 589->603 604 4018be-4018ca SetFileTime 589->604 590->576 623 401864-401865 590->623 601 401882-401888 591->601 605 402ace 601->605 603->604 607 4018d0-4018db FindCloseChangeNotification 603->607 604->607 611 402ad0-402ad4 605->611 608 4018e1-4018e4 607->608 609 402ac5-402ac8 607->609 612 4018e6-4018f7 call 4062dc lstrcatW 608->612 613 4018f9-4018fc call 4062dc 608->613 609->605 619 401901-4022fc call 405920 612->619 613->619 619->609 619->611 623->601 625 401867-401868 623->625 625->591
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,ExecShellAsUser,ExecShellAsUser,00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,0040327A), ref: 0040537D
                                                                                                                                                                                                                            • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\), ref: 0040538F
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nss10B5.tmp$C:\Users\user\AppData\Local\Temp\nss10B5.tmp\StdUtils.dll$ExecShellAsUser
                                                                                                                                                                                                                          • API String ID: 1941528284-4138572920
                                                                                                                                                                                                                          • Opcode ID: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                          • Instruction ID: c6e8234c1d4b6e0ef99598e998ad36802638a9a190aaa2bd7459f070bf199d51
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9841B471900514BACF107BA5CD45DAF3A79EF05368F20423FF422B10E1DA3C86919A6E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 627 406624-406644 GetSystemDirectoryW 628 406646 627->628 629 406648-40664a 627->629 628->629 630 40665b-40665d 629->630 631 40664c-406655 629->631 633 40665e-406691 wsprintfW LoadLibraryExW 630->633 631->630 632 406657-406659 631->632 632->633
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                          • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                          • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                          • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                          • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                                          • Instruction ID: 9fa172bba6ca99a644905d2b6d7ed641771312ed853c50fe9922007c80c3d461
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF0FC70501119A6CF10BB64DD0EF9B365CA700304F10447AA54AF10D1EBB9DB64CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 634 403116-40312d 635 403136-40313f 634->635 636 40312f 634->636 637 403141 635->637 638 403148-40314d 635->638 636->635 637->638 639 40315d-40316a call 403331 638->639 640 40314f-403158 call 403347 638->640 644 403170-403174 639->644 645 40331f 639->645 640->639 646 4032ca-4032cc 644->646 647 40317a-4031c3 GetTickCount 644->647 648 403321-403322 645->648 649 40330c-40330f 646->649 650 4032ce-4032d1 646->650 651 403327 647->651 652 4031c9-4031d1 647->652 653 40332a-40332e 648->653 657 403311 649->657 658 403314-40331d call 403331 649->658 650->651 654 4032d3 650->654 651->653 655 4031d3 652->655 656 4031d6-4031e4 call 403331 652->656 659 4032d6-4032dc 654->659 655->656 656->645 668 4031ea-4031f3 656->668 657->658 658->645 666 403324 658->666 663 4032e0-4032ee call 403331 659->663 664 4032de 659->664 663->645 671 4032f0-4032f5 call 405e62 663->671 664->663 666->651 670 4031f9-403219 call 4067f5 668->670 676 4032c2-4032c4 670->676 677 40321f-403232 GetTickCount 670->677 675 4032fa-4032fc 671->675 678 4032c6-4032c8 675->678 679 4032fe-403308 675->679 676->648 680 403234-40323c 677->680 681 40327d-40327f 677->681 678->648 679->659 684 40330a 679->684 685 403244-40327a MulDiv wsprintfW call 405322 680->685 686 40323e-403242 680->686 682 403281-403285 681->682 683 4032b6-4032ba 681->683 688 403287-40328e call 405e62 682->688 689 40329c-4032a7 682->689 683->652 690 4032c0 683->690 684->651 685->681 686->681 686->685 694 403293-403295 688->694 693 4032aa-4032ae 689->693 690->651 693->670 695 4032b4 693->695 694->678 696 403297-40329a 694->696 695->651 696->693
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountTick$wsprintf
                                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                                          • API String ID: 551687249-2449383134
                                                                                                                                                                                                                          • Opcode ID: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                                          • Instruction ID: f437ad28db75119c3a693f92e670aa5c34007c7df9fe8e0debaece40423bbb79
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 791be84a4dbf0ce6e2b89685bbb0426d8c944effbebd544c9fcf1485a6d681ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D517D71900219DBDB10DF66EA44AAE7BB8AB04356F54417FEC14B72C0CB388A51CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 697 401c1f-401c3f call 402c1f * 2 702 401c41-401c48 call 402c41 697->702 703 401c4b-401c4f 697->703 702->703 704 401c51-401c58 call 402c41 703->704 705 401c5b-401c61 703->705 704->705 708 401c63-401c7f call 402c1f * 2 705->708 709 401caf-401cd9 call 402c41 * 2 FindWindowExW 705->709 721 401c81-401c9d SendMessageTimeoutW 708->721 722 401c9f-401cad SendMessageW 708->722 720 401cdf 709->720 723 401ce2-401ce5 720->723 721->723 722->720 724 402ac5-402ad4 723->724 725 401ceb 723->725 725->724
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                          • Opcode ID: 3fb84e4798befa08d55ab41dd677560f87883767086f956b8989b4831fa63046
                                                                                                                                                                                                                          • Instruction ID: 1af55e8da281c8781352e9764615226c40e2312ccaecb42dabcb88ef8baddf82
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3fb84e4798befa08d55ab41dd677560f87883767086f956b8989b4831fa63046
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5621C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889809B19
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 728 4023e4-402415 call 402c41 * 2 call 402cd1 735 402ac5-402ad4 728->735 736 40241b-402425 728->736 737 402427-402434 call 402c41 lstrlenW 736->737 738 402438-40243b 736->738 737->738 740 40243d-40244e call 402c1f 738->740 741 40244f-402452 738->741 740->741 745 402463-402477 RegSetValueExW 741->745 746 402454-40245e call 403116 741->746 750 402479 745->750 751 40247c-40255d RegCloseKey 745->751 746->745 750->751 751->735
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nss10B5.tmp,00000023,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nss10B5.tmp,00000000,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nss10B5.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseValuelstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nss10B5.tmp
                                                                                                                                                                                                                          • API String ID: 2655323295-1580852868
                                                                                                                                                                                                                          • Opcode ID: 1af8095f3c9504d2ce798825688ccba5ec512a5a8ae6ba4a7bc3247cfd6f00f3
                                                                                                                                                                                                                          • Instruction ID: a703f9f7a84a81219e2528cb215680d2185ac4e531b753f9c0eacf199e84c27d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1af8095f3c9504d2ce798825688ccba5ec512a5a8ae6ba4a7bc3247cfd6f00f3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF118471D00104BEEB10AFA5DE89EAEBA74AB44754F11803BF504F71D1D7F48D409B29
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 753 4057f1-40583c CreateDirectoryW 754 405842-40584f GetLastError 753->754 755 40583e-405840 753->755 756 405869-40586b 754->756 757 405851-405865 SetFileSecurityW 754->757 755->756 757->755 758 405867 GetLastError 757->758 758->756
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405848
                                                                                                                                                                                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405867
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3449924974-0
                                                                                                                                                                                                                          • Opcode ID: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                                          • Instruction ID: d156970015101e62572267df52bf1fb018b172c5ebb67f048bc3511340661aba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 817c7eeb2e6ade2cce28f3b9d2e4670c9c7091e2f59c9eba6f9578a5288f1365
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB010872D00219EADF009FA1C944BEFBBB8EF14304F00803AE945B6280D7789618CFA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 759 405c97-405cb2 call 4062ba call 405c3a 764 405cb4-405cb6 759->764 765 405cb8-405cc5 call 40654e 759->765 766 405d10-405d12 764->766 769 405cd5-405cd9 765->769 770 405cc7-405ccd 765->770 772 405cef-405cf8 lstrlenW 769->772 770->764 771 405ccf-405cd3 770->771 771->764 771->769 773 405cfa-405d0e call 405b8f GetFileAttributesW 772->773 774 405cdb-405ce2 call 4065fd 772->774 773->766 779 405ce4-405ce7 774->779 780 405ce9-405cea call 405bdb 774->780 779->764 779->780 780->772
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,76233420,004059EC,?,004DF000,76233420,00000000), ref: 00405C48
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00464250,00000000,00464250,00464250,004DF000,?,76233420,004059EC,?,004DF000,76233420,00000000), ref: 00405CF0
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00464250,00464250,00464250,00464250,00464250,00464250,00000000,00464250,00464250,004DF000,?,76233420,004059EC,?,004DF000,76233420), ref: 00405D00
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                          • String ID: PBF
                                                                                                                                                                                                                          • API String ID: 3248276644-3456974464
                                                                                                                                                                                                                          • Opcode ID: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                          • Instruction ID: 4e01e145a0ed536ad24acc563e8a85444835dd946e40d448b56664b374cc0476
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21F0F43500DF6125F626333A1C45AAF2555CE82328B6A057FFC62B12D2DA3C89539D7E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 782 405ddf-405deb 783 405dec-405e20 GetTickCount GetTempFileNameW 782->783 784 405e22-405e24 783->784 785 405e2f-405e31 783->785 784->783 786 405e26 784->786 787 405e29-405e2c 785->787 786->787
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405DFD
                                                                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004CB000,0040338D,004DB000,004DF000,004DF000,004DF000,004DF000,004DF000,76233420,004035D9), ref: 00405E18
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                          • String ID: nsa
                                                                                                                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                          • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                          • Instruction ID: af8b6ba947558e1b0daa3aed001b6e0f80e178ffca66ecedc63f3e0829e9a41e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61F03076A00304FBEB009F69ED05E9FB7BCEB95710F10803AE941E7250E6B09A548B64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                            • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,0040327A), ref: 0040537D
                                                                                                                                                                                                                            • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\), ref: 0040538F
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                            • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                          • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 334405425-0
                                                                                                                                                                                                                          • Opcode ID: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                                          • Instruction ID: 3abd81b96889d1c7eb1cceed2e7b5e281284f1a6e6a9a5ff44b88a827c8e1d1c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8821B071D00205AACF20AFA5CE48A9E7A70BF04358F60413BF511B11E0DBBD8981DA6E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalFree.KERNELBASE(008F6848), ref: 00401BE7
                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree
                                                                                                                                                                                                                          • String ID: ExecShellAsUser
                                                                                                                                                                                                                          • API String ID: 3394109436-869331269
                                                                                                                                                                                                                          • Opcode ID: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                          • Instruction ID: 2ffc4b8e8b305263ff1bfe934f744a2e7f0909984677ca7ca3d2d917788d1148
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52210A76600100ABCB10FF95CE8499E73A8EB48318BA4443FF506F32D0DB78A852DB6D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004065FD: FindFirstFileW.KERNELBASE(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,76233420,004059EC,?,004DF000,76233420), ref: 00406608
                                                                                                                                                                                                                            • Part of subcall function 004065FD: FindClose.KERNELBASE(00000000), ref: 00406614
                                                                                                                                                                                                                          • lstrlenW.KERNEL32 ref: 00402299
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1486964399-0
                                                                                                                                                                                                                          • Opcode ID: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                          • Instruction ID: edc96df04b91ed766a503f65766f364d086ea8d205cfe5bb15309c141496b913
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57117071900318A6DB10EFF98E4999EB7B8AF04344F50443FB805F72D1D6B8C4419B59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405D8B: GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                            • Part of subcall function 00405D8B: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                          • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405B66), ref: 0040599F
                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,?,00000000,00405B66), ref: 004059A7
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059BF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1655745494-0
                                                                                                                                                                                                                          • Opcode ID: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                          • Instruction ID: 825022a906987a8d14f11fb4079f6fb6242afe5a54bc5f1377d2c32e3c215ab4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1E0E5B1119F5096D21067349A0CB5B2AA4DF86334F05093AF891F11C0DB3844068EBE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,76233420,004059EC,?,004DF000,76233420,00000000), ref: 00405C48
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                            • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                            • Part of subcall function 004057F1: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,004D3000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1892508949-0
                                                                                                                                                                                                                          • Opcode ID: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                          • Instruction ID: 536d45c59d08a7b21130d9dbd5b0e10796a041e4a40079992e14d28e29d42f71
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2211E231504505EBCF30AFA1CD0159F36A0EF14369B28493BFA45B22F1DB3E8A919B5E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nss10B5.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3356406503-0
                                                                                                                                                                                                                          • Opcode ID: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                          • Instruction ID: 1206e07bb255176646816810ef0290bee69920d7ecde6c9ccbb84b14c6b4306b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E311A771D10205EBDF14DFA4CA585AE77B4EF44348B20843FE505B72C0D6B89A41EB5E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                          • Instruction ID: ea42f58d7670a619ed9131e80823b54190387dbc53765a55c310ef4228f9fff3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF0128316202109BE7095B789E04B2A3798E710315F10463FF855F62F1D6B8CC829B5C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00405405
                                                                                                                                                                                                                            • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                          • OleUninitialize.OLE32(00000404,00000000), ref: 00405451
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2896919175-0
                                                                                                                                                                                                                          • Opcode ID: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                                          • Instruction ID: 7813e2a1ccdf537c56c01956b79198a0443dbd649336f33e6835a7e221d2fb99
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1f8c397b5266fa352d60afbf9b4c77fa9abc53c67a054b05b22dcb893a39c3f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABF090B25406009BE7015B549D01BAB7760EFD431AF05443EFF89B22E0D77948928E6E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$EnableShow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1136574915-0
                                                                                                                                                                                                                          • Opcode ID: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                                          • Instruction ID: fc8c1c2e7d4a5a8f9e35cd12a8e681b154a8316ed36a6d041aa31def844ca7e2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87f8232cb56b7a5d6ce9856bfa50bd061077f9975d19b3a51d23438555d97d86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61E01A72E082008FE724ABA5AA495AD77B4EB90365B20847FE211F11D1DA7858819F6A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                            • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                            • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                            • Part of subcall function 00406624: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                                                                          • Opcode ID: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                                          • Instruction ID: 155b38c425e345f43688a0673e138072f65e923c2ca09dacbbabb210d44f0fbf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c450699f5e5c6ed5e41876474a170b73f17b01a65d70064c3ee9ca103cb2d45
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50E0863250461156D31197709E4487762EC9B95750307483EF946F2091DB399C36A66D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(?,004DF000,00000000,76233420,004038ED,00403703,00000006,?,00000006,00000008,0000000A), ref: 0040392F
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00403936
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1100898210-0
                                                                                                                                                                                                                          • Opcode ID: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                                          • Instruction ID: 228f896298dd83b048f64e6024dd5859bf02c68f9830d759f3998b57695c5827
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd7b370b1f223a5589d226506ef49f546026ce3eccc4315b581019b2d362f361
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12E0C2334122205BC6215F04ED08B5A776CAF49B32F15407AFA807B2A087B81C928FC8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                          • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                          • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                          • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                          • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                          • Instruction ID: fe430eedc911e7c92ce83e5abbc00e08444bb0e311ec0623c818608bfa408f6d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BD0C972504420ABD2512728AF0C89BBB95DB542717028B39FAA9A22B0CB304C568A98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00403703,00000006,?,00000006,00000008,0000000A), ref: 004038DB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\nss10B5.tmp\, xrefs: 004038EF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\
                                                                                                                                                                                                                          • API String ID: 2962429428-1515490445
                                                                                                                                                                                                                          • Opcode ID: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                          • Instruction ID: f79f1cdd038f729e9031bf35a7c7ad7adb8aafebcc14ea038f42f7e62efb972e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69C0127054070496C1206F759D4F6193E54AB8173BB604776B0B8B10F1C77C4B59595E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00403382,004DF000,004DF000,004DF000,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 00405874
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405882
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                                                                                                          • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                          • Instruction ID: b5712d1dc6f90c91938fb9970759bfac189bcafefc635788875416fd9ee2894b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FC04C712155019ED7546F619F08B277A50EB60781F158839A946E10E0DB348465ED2D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Create
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                                                                                          • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                          • Instruction ID: dcb86bc894ab99bc20e37dc8a6176b737b641c0fdee4176656c7f25b47436c56
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75E0E6B2110109BEEF195F50DD0AD7B375DE704304F01452EFA06D4091E6B5AD315634
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032FA,000000FF,00428200,?,00428200,?,?,00000004,00000000), ref: 00405E76
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                          • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                          • Instruction ID: 8754e0b6f25d564075f0081c534dd79b85a2df0f0bc88b3642164a4a3ec1e455
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDE0B63221065AAFDF109F95DC00AAB7B6CEB052A0F044437FD59E7150D671EA21DAE4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403344,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E47
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                          • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                          • Instruction ID: bd732019988057c431ec21c3a2c50b1292625b962aa4d7912315599e48db2a91
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9E08C3220021AABCF20AF54DC00FEB3B6CEB05760F004832FD65E6040E230EA219BE8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,004061B5,?,00000000,?,?,Remove folder: ,?), ref: 0040614B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 71445658-0
                                                                                                                                                                                                                          • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                          • Instruction ID: b908bd292ce434c6339c018d18c1e3bfafdd2f7559b63d477f04a141d62eba1a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D0123214020DFBDF119E909D01FAB775DAB08350F014426FE06A9191D776D530AB14
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040424B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemText
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3367045223-0
                                                                                                                                                                                                                          • Opcode ID: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                          • Instruction ID: 58c8b0ee816a9f079cb4560b894257bfb9dfa06490f5d5235509ae25e2c95a64
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79C04C76148300BFD681BB55CC42F1FB79DEF94315F44C52EB59CA11E2C63A84309B26
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                          • Instruction ID: 539d97cecbd0a6245bb22c05259f77f590d4a0b0d5c0f28d123e3a53dcb21da8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6C09BB27403007BDE11CB909E49F1777545790740F18447DB348F51E0D6B4D490D61C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403355
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                          • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                          • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                          • Instruction ID: 80b1fa8ab317a3fb83bf0bb9afc1fcb2ede285a6b5c9b7890d3d6fe7da01b763
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69B092361C4600AAEE118B50DE49F497A62E7A4702F008138B244640B0CAB200E0DB09
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,0040402A), ref: 0040425D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          • Opcode ID: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                          • Instruction ID: 6a6b83ba7992c3eb947fe44f0607646ae594aefa1fc7371f7d6a783f6fb0b7b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4EA002754445019BCF015B50DF098057A61F7A4701B114479B5555103596314860EB19
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404CC1
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D0B
                                                                                                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,00405296), ref: 00404D37
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D4B
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D91
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404D94
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405065
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405089
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 004050CE
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0040526D
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040527F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                          • String ID: $M$N
                                                                                                                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                                                                                                                          • Opcode ID: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                          • Instruction ID: 350e9793ba1948ff1935c4af006ad7833f39553502bf8ecbcf91bc97059cc7bb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C0281B0900209AFDB10DFA4DD85AAE7BB5FB44314F10417AF614BA2E1C7799D92CF58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(Remove folder: ,00450248,00000000,?,?), ref: 00404889
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404895
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                                                                                                                                                                                            • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,00002000,004048DE), ref: 00405917
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                            • Part of subcall function 0040654E: CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(00440218,?,?,0000040F,?,00440218,00440218,?,00000001,00440218,?,?,000003FB,?), ref: 0040496A
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                                                                                                                                                                                            • Part of subcall function 00404ADE: lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                            • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                            • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: A$Remove folder:
                                                                                                                                                                                                                          • API String ID: 2624150263-1936035403
                                                                                                                                                                                                                          • Opcode ID: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                          • Instruction ID: aec38ac33e169681c2ce75898e964705c21f391e9d8eef84a8e49708370a7c65
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CA173B1900208ABDB11AFA5CD45AAF77B8EF84314F10847BF605B62D1D77C99418F6D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                                          • Opcode ID: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                          • Instruction ID: 11d43fc069a5ea90b0fea77c2c23c6da8a8dfc92bb9fdb714ff4c9b8b345b962
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BF08271A14104EFDB00EBA4DA499ADB378EF04314F6045BBF515F21D1DBB45D909B2A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                          • Instruction ID: 703def0becceeecb9d8561ea32c53bcab4b84ebc773a8a1d0b412cad538f794c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE1797190470ADFDB24CF99C880BAAB7F5FF44305F15852EE497A7291E378AA91CB04
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                          • Instruction ID: 59779062152899835760f0dc2f5c49596223a290c6efd11eddd93cbc7c663e45
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FC15831E04219DBDF18CF68C8905EEBBB2BF88314F25866AC85677380D734A942CF95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004044A2
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004044D0
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004044F1
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 00404573
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 0040459E
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 004045F2
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 0040460E
                                                                                                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2380954483.0000000000553000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000000.00000002.2381312630.000000000059B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                          • String ID: N$Remove folder: $gC@
                                                                                                                                                                                                                          • API String ID: 3103080414-3559505530
                                                                                                                                                                                                                          • Opcode ID: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                          • Instruction ID: 3402c350d7270d9961c63d8365249516a5ebc70a9ec23ab72cb453283ebd69b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7761BEB1900209BFDB009F60DD85EAA7B69FB85305F00843AF705B62D0D77D9961CF99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                          • DrawTextW.USER32(00000000,00472EE0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                                                                          • Opcode ID: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                          • Instruction ID: 4eb8147a30471c2b969484520d7d1b1c24976f3a1718a772f7b725b3b94c1b26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C418A71800249AFCF058FA5DE459AF7BB9FF44314F00842AF991AA1A0C778D954DFA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                                            • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                            • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                            • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                          • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                          • API String ID: 2171350718-461813615
                                                                                                                                                                                                                          • Opcode ID: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                          • Instruction ID: 1ccef14564d3a4e3590f6d96bf23d62cdd24cd7414a0bd79904b9c13782922cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08312530641B05BBC220AB659D48F6B3AACDF45744F15003FFA42F72C2EB7C98118AAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,00000000,0042CE00,762323A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                          • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,0040327A), ref: 0040537D
                                                                                                                                                                                                                          • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\), ref: 0040538F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                          • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\
                                                                                                                                                                                                                          • API String ID: 2531174081-2308157194
                                                                                                                                                                                                                          • Opcode ID: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                          • Instruction ID: c4a8b4fbc7344707c8dcd13f789004ac01d88f238d1262f53b2d1dabcf784db2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F21A171900518BBCB11AFA5DD849CFBFB9EF45350F10807AF904B62A0C7B94A80DFA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 004042F3
                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 0040430B
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 0040431E
                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 0040432E
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404348
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00404352
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                          • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                          • Instruction ID: a3c6a1d12b74a4a342abaca89036a15a37f51972f1e3113ed1cbee018e9c0b42
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 772156716007059BC724DF78D948B5B77F4AF81710B04893DED96A26E0D734E544CB54
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                                            • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EA7
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                                                          • API String ID: 163830602-2366072709
                                                                                                                                                                                                                          • Opcode ID: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                          • Instruction ID: 75c70889326ed48cf653b65eedce39ba48716a77e36bbd16e72a3e0392bfe49c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C511975D00219AEDF219F95DA88AAEB779FF04304F10443BE901B72D0DBB89982CB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 00404C0F
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00404C29
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                          • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                          • Instruction ID: 457ccdd811883e010b73e4973708530e0d9e00004b69c5e73a61d7a3cd07de8f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF015271900218BAEB10DBA4DD85BFEBBBCAF95711F10412BBA50B71D0D7B499018BA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(0041E5D0), ref: 00401E3E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                          • String ID: MS Shell Dlg
                                                                                                                                                                                                                          • API String ID: 3808545654-76309092
                                                                                                                                                                                                                          • Opcode ID: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                          • Instruction ID: 2f87ef527a079fcd98b3174ff93e15f92fad6858fb92d4176ae60913c966d855
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A01B575604240BFE700ABF1AE0ABDD7FB5AB55309F10887DF641B61E2DA7840458B2D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                                          • MulDiv.KERNEL32(04A6E772,00000064,04A70F2E), ref: 00402E3C
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                          • Opcode ID: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                          • Instruction ID: dfd142ddc65d39fdaa73b229a9921dc7c235b7e072e3123d651e00bd55f03bcf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60014F7164020CABEF209F60DE49FAE3B69AB44304F008439FA06B51E0DBB895558B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                                                                          • Opcode ID: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                          • Instruction ID: 85d8fb478e53a7d33050a02afe9876517184a336e4e72b82bbd0c3cba42884f9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D121AEB1800128BBDF116FA5DE89DDE7E79EF08364F14423AF960762E0CB794C418B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                          • CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                          • CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,76233420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                                                                                                          • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                          • Instruction ID: 36fae6fd7d65e337959ab81909abbfc549fe516cf0b4c9ff473ab524d2c4c229
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B611B65580061279DB302B14BC40EB762F8EF54764F56403FED86732C8EBBC5C9292AD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nss10B5.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nss10B5.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nss10B5.tmp\StdUtils.dll,?,?,C:\Users\user\AppData\Local\Temp\nss10B5.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nss10B5.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nss10B5.tmp$C:\Users\user\AppData\Local\Temp\nss10B5.tmp\StdUtils.dll
                                                                                                                                                                                                                          • API String ID: 3109718747-832804268
                                                                                                                                                                                                                          • Opcode ID: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                          • Instruction ID: b23dc685b5da5394ac89c8ab13f2cbf985e24fd8d9932a4f5164fd221fdd45c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76110B72A04201BADB146FF18E89A9F76659F44398F204C3FF102F61D1EAFC89415B5D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                          • Opcode ID: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                          • Instruction ID: d9fd13ec482603559a9c09f77eb5ae76b99fbdc016b4c624d38ebcad95bf5f4c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F61A0CA749D519B78
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                          • Opcode ID: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                          • Instruction ID: 65d6ef813479b3ccfd969ec0db039784a4d8c6b5967a53089d3579ec78c560c8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 401193736041282ADB00656D9C45F9E369C9B85334F25423BFA65F21D1E979D82582E8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$Enum
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 464197530-0
                                                                                                                                                                                                                          • Opcode ID: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                          • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                                                                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                                                                          • Opcode ID: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                          • Instruction ID: 9c0cd9c85579b1f1539786df4f617efd254904ce91a486f6a135d178cfad0ab8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AF05E30485630EBD6506B20FE0CACB7BA5FB84B41B0149BAF005B11E4D7B85880CBDC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 004052C5
                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                                                                                                                                                                                            • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                          • Opcode ID: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                          • Instruction ID: 334c9fee3abb3f39d596823d3a3537c7effd0098edc8ca0b3d981ed7cb288a41
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9015A31100709ABEB205F51DD94A9B3B26EB84795F20507AFA007A1D1D7BA9C919E2E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000002,?,00000000,?,?,Remove folder: ,?,?,004063FC,80000002), ref: 004061CE
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nss10B5.tmp\), ref: 004061D9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                                                                          • String ID: Remove folder:
                                                                                                                                                                                                                          • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                          • Opcode ID: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                          • Instruction ID: 8659262355d6ebf2290daf59b07b2549fc881bd87fa0bb5ea6267207f8cb0b09
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68017C72500209EADF218F51DD09EDB3BB8EF55364F01403AFE16A61A1D378DA64EBA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00468250,Error launching installer), ref: 004058CC
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004058D9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Error launching installer, xrefs: 004058B6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                                                                                                          • Opcode ID: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                          • Instruction ID: 30392a530fa928b09b8412afc6dc4f2cd20664ca8a9f97139eafb5a2ce14b88a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33E09AB5540609BFEB009B64DD05F7B77ACEB04708F508565BD51F2150EB749C148A79
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.2380907427.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_nsis-installer.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                                          • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                          • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3f35d15b7cb87e0cc665d28113a7ca6c89755e1d637371f7467c6ece23734517
                                                                                                                                                                                                                          • Instruction ID: 573d3f9fa2a85444234c17804e589138e3b1b13a868126bba93015be07be991c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f35d15b7cb87e0cc665d28113a7ca6c89755e1d637371f7467c6ece23734517
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D52BF30A1121ACFDB24DF64D894BADBBB2FF85304F144099D90AAB355DB70AE85CF91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 181fab9ef0ffd60febfdb06310ce0e9ae20cf3f530e02481b1dce910bbe706ce
                                                                                                                                                                                                                          • Instruction ID: 0206b39ebeb04927de924ce4ef8ad23c6ac9685628f0ece6053c7a2c9cd45154
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 181fab9ef0ffd60febfdb06310ce0e9ae20cf3f530e02481b1dce910bbe706ce
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF91AE70F017599BDB19EFB488106AEBBF2EFC4600B50892DD286AB340DF745E068BD5
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 06111e15998f2f282b61c3b4d23ce28f2855d804831079d58f8e51f1714552f5
                                                                                                                                                                                                                          • Instruction ID: 9b3b20132dfa4ba3bdd6806dc2e92b0a78f2a5cf1d573e9c603585740d213bc7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06111e15998f2f282b61c3b4d23ce28f2855d804831079d58f8e51f1714552f5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B919070F017599BDB19EFB588106AEBBF2EFC4600B50892DD286AB340DF745D068BD5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c4b40cf3aeedd8883a952ed9ad369763c21b6e3715b5f3d583dd0e6ff23e269a
                                                                                                                                                                                                                          • Instruction ID: 86992675ea3801172cb7f3d5a106e116d72c203085c29402d5100f6b7be64268
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4b40cf3aeedd8883a952ed9ad369763c21b6e3715b5f3d583dd0e6ff23e269a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55918A74A00246DFCB15CF58C5949AEFBB5FF48310B2486A9D915AB3A5C735FC81CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 18919e30d1e1ef0d8451cceae40507a91420614b7034304664442081b9a55d64
                                                                                                                                                                                                                          • Instruction ID: 4f328b21c66b1a47ff4f6dbace4cb365c9897d2dadd6b76a7a0bf0a904635b5a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18919e30d1e1ef0d8451cceae40507a91420614b7034304664442081b9a55d64
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17611575E10249CFDB14DFA9C584B8DBBF6AF88310F14812AE409BB255DB709C85CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c7b89339336e7e09afb34b9284eecf0479103b611a801e156306cdb8fb768fd1
                                                                                                                                                                                                                          • Instruction ID: 1916db0d8d8dabee3a8a94043cc5bb2c0bef5a69e3d77e89c05faa05fccad38e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7b89339336e7e09afb34b9284eecf0479103b611a801e156306cdb8fb768fd1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7510475E00248CFDB54DFA9C584A9DBBF6EF88310F14812AE859AB365DB709C85CB60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2a0f08b6e30fcebeb252a46878443a0836198da9e56d52eb83792dba6f30a510
                                                                                                                                                                                                                          • Instruction ID: 9b93b7a3995455820330dd967be84f35f63abacf2dc6a3b7520a1c48c2da2022
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a0f08b6e30fcebeb252a46878443a0836198da9e56d52eb83792dba6f30a510
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13517034A052448FDB05DB78C4946AEBBF3AF89340F18806AD845AF3A6CA759C45CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d5e2e96138d65f816c1543a47a44928ccf85b51b4b7f45e108a4b5abe1a07656
                                                                                                                                                                                                                          • Instruction ID: 9c81ead208e628ee725d51941662e5758e86c62fc59241ca4145ec9384f574fb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5e2e96138d65f816c1543a47a44928ccf85b51b4b7f45e108a4b5abe1a07656
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA51DC38610249CFDB04DF68D444ADE7BB2FF88314F189158D505AB3A6DB74DD85CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5a7fbbac530b0a5a93fbdddfb0c2208f26787c2e66317d7ac1c47f614c65b4a9
                                                                                                                                                                                                                          • Instruction ID: 5662e09f615b986ee48b130d469be7f76b0e7673b73405c6637b22bf89a984fa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a7fbbac530b0a5a93fbdddfb0c2208f26787c2e66317d7ac1c47f614c65b4a9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F412134A00204DFDB04DBB9C5947AEBBF7EFC9350F248469D906AB355DE759C418BA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bc5d6d90daf2a4ea03549da384b0a40dfdefdda2e73c1fb344999690bd14227f
                                                                                                                                                                                                                          • Instruction ID: a4b8cdf5dd6489fe965076353523acc61ee66b5fe3c85cd4ebeedddfd4ea141f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc5d6d90daf2a4ea03549da384b0a40dfdefdda2e73c1fb344999690bd14227f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5416D75E107499FDB04DFA5C894AEEBBF6FFC8310F148129E409AB255EB709885CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2415286340.000000000366D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0366D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_366d000_powershell.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 51a04237b18e5db6c3a29bfc3dbd3e54bc5a54464d4206843db22aff9cdb7bc7
                                                                                                                                                                                                                          • Instruction ID: fb24b4a96823da0c06d21c3e3f5d594617eb7e7bbcfa992bbbd50506dd647253
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51a04237b18e5db6c3a29bfc3dbd3e54bc5a54464d4206843db22aff9cdb7bc7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F21B73160A3C26FCB368B349960F567B71EF42204F2644DED58ACF1A6FA70D845CB11
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7fb097495ddc236dadda0522cd5e64154794f54732db4da8de04d9948a740211
                                                                                                                                                                                                                          • Instruction ID: ecd90be08fe9a591a95b0542d49308c6cf1c44a3f9abdc66c9de6035bd55ae8b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fb097495ddc236dadda0522cd5e64154794f54732db4da8de04d9948a740211
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C221A1747002058BD718EF69D840A6ABBB6FFC4300F10892DD14A8F352EFB1AC0A8B90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0f689f5f0237a5e59ec9efc399c3cd37ef86c751d27788c81fb6479e71e89b68
                                                                                                                                                                                                                          • Instruction ID: 77dfa701cf536aea915be7f2e2ecbe944dd46407f0ace2bdb8ec28ed8600fbd0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f689f5f0237a5e59ec9efc399c3cd37ef86c751d27788c81fb6479e71e89b68
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A218974915746CEDB60CF6AC08879AFBF2FF88324F28801ED84DA7216C6B45481CB10
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6cd7a7dd9ed8fe64fc3063f657f8a61b6c959d1fc1a5e0022a0c210a44cea806
                                                                                                                                                                                                                          • Instruction ID: c22360af3f23cb8a3d97a2576b51e2ab1ceff0dc6274ab70b95a72c1b147cc8f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cd7a7dd9ed8fe64fc3063f657f8a61b6c959d1fc1a5e0022a0c210a44cea806
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16215974915746CEDB60CF6AC48879AFBF6FF88324F28841ED84DA7216D67464818B60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6c827839af41448e2e9b1fcb8f7db0e820c491f443f3cd6b835110d71aa2de0a
                                                                                                                                                                                                                          • Instruction ID: 85cb2f3fc01a6475365f014f50be5072713c88e38cb013d9601d9017ac1deee2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c827839af41448e2e9b1fcb8f7db0e820c491f443f3cd6b835110d71aa2de0a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C21D238A00314DFC715DBB9D418A9DBFF1EF8A210F2481ACD14A9B3A2DB719C44CBA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 604ad87e11ce6cdc7c5d4e71972f0d733a0d22fb81eee517e0d2a6669378b701
                                                                                                                                                                                                                          • Instruction ID: dcf0dd2ebd1b548acf9e3b7df47716b4bd5659519c8df8d0c869bee2cf27bf22
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 604ad87e11ce6cdc7c5d4e71972f0d733a0d22fb81eee517e0d2a6669378b701
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E611AF757002158FD315EB69D850B6BBBB6FFC4300F10852DD14A8B792DEB1A8058B90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2415286340.000000000366D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0366D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_366d000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                                                                                                                                                          • Instruction ID: e05734243e82a57610eaeeae0a0613e9bd984a6bd6ad8c7866996667869fbf09
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 226763f8ebee4a326c53d81c1b8fbc9c4432138e5169b0b621e51b23af87bf07
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72218C7A504240DFCB06CF50DAC4B16BF76FB48314F28C6A9E9094A266C33BD46ACB91
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6f84017b8a23645f64842bce990e20df9c269417f65286c66065b8590fdb3605
                                                                                                                                                                                                                          • Instruction ID: 5f60fca39eb5c997afe9ad245fa67070eb7e120f4341a1c44d4728b2f621dc26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f84017b8a23645f64842bce990e20df9c269417f65286c66065b8590fdb3605
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A1161363156608FC74A9B3CE4645AE7FB3EFC6251315005EE546CB352CE748C0ACB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c6e60242b88c70fc95bed2a3f347ef3bd01e800bd8f7cdb3f99773a6ac1bfd6b
                                                                                                                                                                                                                          • Instruction ID: 1911823633090577b30e7107fce341d6e61eba0a88fa2d637e4d672bc0d767cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6e60242b88c70fc95bed2a3f347ef3bd01e800bd8f7cdb3f99773a6ac1bfd6b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 751124B58002499FDF20CF99D984AEEBBF4FF48320F148009E969A7210C375A994CFA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0333e4ccd7f79f2dd1c432cfcae85d958c662324d3fb113d38716d0bdb583b79
                                                                                                                                                                                                                          • Instruction ID: 2459da5956a9eb7bf7256cb44982f69cd4bea494bd05557a37177b26b00da0f7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0333e4ccd7f79f2dd1c432cfcae85d958c662324d3fb113d38716d0bdb583b79
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47015631711347ABDB34CA25DA90F5673B6EF81744F204569D50ACB294FA71F441C750
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a1101f686be1e280ae8ef63b7fcdbfcc10dfca7b871dbfcd7181727d947ecf3e
                                                                                                                                                                                                                          • Instruction ID: d654b4961693363b71f3bf3ccba15de16cdc2fc60e00e53925391a0a5d3aeb70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1101f686be1e280ae8ef63b7fcdbfcc10dfca7b871dbfcd7181727d947ecf3e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB11CB34A182498FCB54DFA8D4506FEBBB2EF85310F1040A9D40AAB292CB718986CB81
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2433773315.0000000007DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_7da0000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 695d4fff0e8abc4671e787d5daa8f2b01b16ce08269c6abccf785f73b89c4a5d
                                                                                                                                                                                                                          • Instruction ID: f8ca522067459f55081dae522d83f80a2abdc7ad31ba1f9b1f66a04178049d2f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 695d4fff0e8abc4671e787d5daa8f2b01b16ce08269c6abccf785f73b89c4a5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E0126B56083819FD32A462C4414156FF76AFC2A50B1990ABE2828F247D8A58C41C3B3
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0b3f101506e9e2b074d9a281022e8a3c093e872dfeea7ff221c58161d1e10b15
                                                                                                                                                                                                                          • Instruction ID: 3d4664229f769c2b83754eb193b8b8ce999fb906ff0cc6c29f5d330d2b4ec585
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b3f101506e9e2b074d9a281022e8a3c093e872dfeea7ff221c58161d1e10b15
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75015734200606DBC719DB38D54459ABBE2FFCA255724963DE04ACB750DF76E846CBC0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: feace75e735c53d517f943eb2730305e5364b45526e8cd014eb422e4ef8b3846
                                                                                                                                                                                                                          • Instruction ID: 9602b7994e33b17966ce2e0cc8007420abeab9085ac55044914118975976a6c9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: feace75e735c53d517f943eb2730305e5364b45526e8cd014eb422e4ef8b3846
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B015734200606DBC319DB38D54459AB7E2FFCA255760963DE04ACB750DF76E846CBC0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2415286340.000000000366D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0366D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_366d000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cb8f89ef77a9535e71d630136f04b32c9665963128cef8a4a8eabec10e17a916
                                                                                                                                                                                                                          • Instruction ID: b3af29c9d28311a97914fd13df276df45df1d83ff4c9329f9c4a4389d40070d8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb8f89ef77a9535e71d630136f04b32c9665963128cef8a4a8eabec10e17a916
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B01F771604740EAE7108E25CA80B67FF98DF813A4F1CC05ADD484A242C6B89842C6B1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2415286340.000000000366D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0366D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_366d000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 60184d89615f6ea4761496bcd572acded6a67f38446cb611d334158036c3e0f7
                                                                                                                                                                                                                          • Instruction ID: 58688caa4f837616408c784dad4ebd77944849df491ae6b3d937e6ea0cd256ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60184d89615f6ea4761496bcd572acded6a67f38446cb611d334158036c3e0f7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A01526250E3C09ED7128B25C994752BFB4DF43224F1D80CBDD888F2A3C2695845C772
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
Memory Dump Source
• Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 20fdb3f317c73e7afd80b39aef848292419b7321a02263e9d61505e360f13d8e
                                                                                                                                                                                                                          • Instruction ID: 5b8e7d57033f75d668b3f994f851fab045f58d94318c9006a3ce90faed65e871
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20fdb3f317c73e7afd80b39aef848292419b7321a02263e9d61505e360f13d8e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8016D70A1120ACFCB45CF69D041AAE7BB1FF49314F6045ADC50AA7312C7719981CFC0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 812acc81a9f67023e2cad3f9145b8994b16bb8709424415c381feff558e15ca1
                                                                                                                                                                                                                          • Instruction ID: 52911595ea23eefe16741b943306f4a2717bf0c8de73217512803f0834f0defe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 812acc81a9f67023e2cad3f9145b8994b16bb8709424415c381feff558e15ca1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DF0F0343403402BE318E626AC90BAE7B57ABC5A50F70092CE1066F39ACDA1AC0987A4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f374d7a1e8e28df64a288169d0c3bec1a95c72e60ba62af4f162b87baaa45a06
                                                                                                                                                                                                                          • Instruction ID: bf43fde798eed814c9e2c9be0e39b2c598cde54acf24bc10bdf592313691e7e0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f374d7a1e8e28df64a288169d0c3bec1a95c72e60ba62af4f162b87baaa45a06
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8F0B4343403006BE21CE666AC51B5F7B5BEBC5A50F70493DE2065F399CDB1AC0947A8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 92dffb84d5226b877652d61753a0c51d9f62ad5b9812af3e1aa156fac6d5610c
                                                                                                                                                                                                                          • Instruction ID: 6ca4f461c640478a3ab68637a4b00fbd36296855a1b03724f9a7479c53c97ac8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92dffb84d5226b877652d61753a0c51d9f62ad5b9812af3e1aa156fac6d5610c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2F028343083405BE705DA39A890BAA7ED3AFC6310F24803DE609DB396CD718C458351
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5ede2c2db5c941caa09baaabce32e57b7b458afd30434ab0366d6eadd4b68e1c
                                                                                                                                                                                                                          • Instruction ID: 3393847a15db4f2dbfad01f5d1e8a9629f37393463fef3b45d3fd1ebf17397ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ede2c2db5c941caa09baaabce32e57b7b458afd30434ab0366d6eadd4b68e1c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70012870D152468FCF05DFB8C0819AEBFF1AF49214B1044AEC416EB251D6709942CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d6253dae030135e0c01411cbd1411577594b5df07046c125f9e7260155236007
                                                                                                                                                                                                                          • Instruction ID: 293f8201bcacdd7695e75b7eea9756d20fed21d2db60be710f16e2e5475a9c76
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6253dae030135e0c01411cbd1411577594b5df07046c125f9e7260155236007
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73F0F0363007008BDB14AA29A4046AE7BE7FFC9229B28452DD14ECB352EEB59C498795
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 300110bbb458104715cc175f0c56ba75248cc5064d6fa203c5ce275379cc4e84
                                                                                                                                                                                                                          • Instruction ID: 75eca37dbfbe119173dc3d0431030919891fe3214099ee3430fdfbda99b470ce
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 300110bbb458104715cc175f0c56ba75248cc5064d6fa203c5ce275379cc4e84
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3F01D393115108B8745AB2CE05852D7BB7EFC9652354401EEA0BC7352CF74DC068795
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 65a5edb829bd0cd265e4ffbdac6d532c3be97d4dfaf5a3f6174b918aa0da937c
                                                                                                                                                                                                                          • Instruction ID: 4a06a3353e23c834229105546ffa00aa2af18fec8fe795de1ff9dcdadd23cad7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65a5edb829bd0cd265e4ffbdac6d532c3be97d4dfaf5a3f6174b918aa0da937c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FE0D81571E65417C71AA53D643052E3E979FC24A031880BFE049DB751DD128C0743E6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000013.00000002.2416040840.0000000005260000.00000040.00000800.00020000.00000000.sdmp, Offset: 05260000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_5260000_powershell.jbxd