Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://ortelia.com/download-ortelia-curator/

Overview

General Information

Sample URL:https://ortelia.com/download-ortelia-curator/
Analysis ID:1431415
Infos:

Detection

Havoc
Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Havoc
Yara detected Generic Downloader
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ortelia.com/download-ortelia-curator/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1952,i,16433353149473485546,11441211816697710933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4324 --field-trial-handle=1952,i,16433353149473485546,11441211816697710933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • CuratorSetup.exe (PID: 7976 cmdline: "C:\Users\user\Downloads\CuratorSetup.exe" MD5: C9ADE8D7F83B0C6A7B2A2C1C17F48E7C)
      • vc_redist.x64.exe (PID: 8188 cmdline: "C:\Program Files\Ortelia Curator\vc_redist.x64.exe" /silent MD5: 27B141AACC2777A82BB3FA9F6E5E5C1C)
        • vc_redist.x64.exe (PID: 1284 cmdline: "C:\Program Files\Ortelia Curator\vc_redist.x64.exe" /silent -burn.unelevated BurnPipe.{43283AE4-5BB8-44FA-9263-CFC3EA715B84} {2CADAC6A-0855-4F21-A415-28FC270B2FA9} 8188 MD5: 27B141AACC2777A82BB3FA9F6E5E5C1C)
      • OrteliaCurator.exe (PID: 7600 cmdline: "C:\Program Files\Ortelia Curator\OrteliaCurator.exe" MD5: F42024F641F5FA36B4EC8B7646CD737F)
        • UnityCrashHandler64.exe (PID: 7592 cmdline: "C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe" --attach 7600 2993575759872 MD5: 49EA482DBE2AB3DA2A0768821AB77B03)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
HavocHavoc is a modern and malleable post-exploitation command and control framework, created by @C5pider.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.havoc

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\Downloads\Unconfirmed 530961.crdownloadJoeSecurity_Havoc_1Yara detected HavocJoe Security
    C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      C:\Users\user\Downloads\Unconfirmed 530961.crdownloadJoeSecurity_Havoc_1Yara detected HavocJoe Security
        C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dllJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Users\user\Downloads\Unconfirmed 530961.crdownloadJoeSecurity_Havoc_1Yara detected HavocJoe Security

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000013.00000002.2623375955.000002BA62DC0000.00000002.00000001.00040000.00000019.sdmpJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Snort Signatures

              No Snort rule has matched

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AccentBeamShaper.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AccentBeamSpot.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AstralAxial18-34Zoomspot.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AstralAxial22-44Zoomspot.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\Aureal_26_50_BeamShaper.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\Aureal_FrescoFlood.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\ellipsoidalFixedFL.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\ellipsoidalZoom.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\FrescoLEDWallWasher.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\fresnel.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\LEDWallWasher.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL1LEDLuminaire.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL1_20_50_Beam.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL3_NarrowBeam.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL3_WideBeamLED.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\scoop.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconDisplayLEDProfile.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconDisplayProfile_15_35.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconDisplayProfile_25_50.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconWingCDM.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconWingLinear.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconWingTuneable.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Deep White.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Deep White.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 1.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 1.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 2.png
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 2.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Rustic Wood.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Rustic Wood.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Maple.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Maple.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Oak.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Oak.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\Browsers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\Browsers\Compat.browser
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\machine.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\settings.map
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\web.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\Browsers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\Browsers\Compat.browser
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\DefaultWsdlHelpGenerator.aspx
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\machine.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\settings.map
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\web.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\Browsers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\machine.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\settings.map
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\web.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\browscap.ini
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\mconfig
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\mconfig\config.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\blank.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\freeimage-license.txt
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\blank.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg-20160530-git-d74cc61.tar.xz
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\elevation.css
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\source
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\source\libwkhtmltox-0.11.0_rc1.zip
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\wkhtmltopdf.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\app.info
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\boot.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\globalgamemanagers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\globalgamemanagers.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level0
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level1
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level2
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level3
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Accessibility.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\AGM.EdgeDetection.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp-firstpass.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Autodesk.Fbx.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\BakeryRuntimeAssembly.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.Native.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\CTCommon.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\FreeImageNET.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.West.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\ICSharpCode.SharpZipLib.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Data.Sqlite.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Posix.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Security.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.WebBrowser.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\MoodkieSecurity.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\mscorlib.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\netstandard.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Ookii.Dialogs.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Photon3Unity3D.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonChat.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonRealtime.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.Utilities.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonWebSocket.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.XmlSerializers.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.Composition.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.DataAnnotations.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Configuration.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Core.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Data.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Design.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Diagnostics.StackTrace.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.Design.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.EnterpriseServices.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Globalization.Extensions.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.FileSystem.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Net.Http.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Numerics.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Formatters.Soap.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Xml.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Security.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ServiceModel.Internals.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Transactions.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.ApplicationServices.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.Services.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Windows.Forms.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.Linq.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.XPath.XDocument.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Analytics.DataPrivacy.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Formats.Fbx.Runtime.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Postprocessing.Runtime.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.KdTree.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Poly2Tri.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Stl.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.Base.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ScriptableBuildPipeline.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.TextMeshPro.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Timeline.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AccessibilityModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Advertisements.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AndroidJNIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AnimationModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ARModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AssetBundleModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AudioModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClothModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterInputModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterRendererModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CoreModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CrashReportingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DirectorModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DSPGraphModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GameCenterModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GridModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.HotReloadModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ImageConversionModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.IMGUIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputLegacyModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.JSONSerializeModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.LouserzationModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Monetization.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ParticleSystemModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PerformanceReportingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Physics2DModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PhysicsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ProfilerModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Purchasing.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ScreenCaptureModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SharedInternalsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpatialTracking.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteMaskModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteShapeModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.StreamingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubstanceModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubsystemsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainPhysicsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextCoreModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextRenderingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TilemapModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TLSModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UI.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIElementsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UmbraModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UNETModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityAnalyticsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityConnectModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityTestProtocolModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestWWWModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VehiclesModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VFXModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VideoModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VRModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.WindModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XR.LegacyInputHelpers.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XRModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Vectrosity.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\WebRtcCSharp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\wrtc.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\assimp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\FreeImage.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libbrotli.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libfastlz.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblz4.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblzma.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libzipw.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResToolbox.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResWrapper.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\UnityFbxSdkNative.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\webrtccsharpwrap.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources\unity default resources
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources\unity_builtin_extra
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\resources.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\resources.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.resource
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets1.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets1.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets2.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets2.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets3.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Spaces
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Spaces\Default.ocs
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Exh
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Exh\OrteliaDemo.exh
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\vc_redist.x64.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\UnityPlayer.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Ortelia Curator.url
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\uninst.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\freeimage-license.txt
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1028\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1029\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1031\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1036\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1040\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1041\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1042\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1045\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1046\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1049\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1055\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\2052\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\3082\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\license.rtf
              Source: unknownHTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.16:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.16:49745 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49749 version: TLS 1.2

              Networking

              barindex
              Yara detected Generic Downloader
              Source: Yara matchFile source: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dll, type: DROPPED
              Source: Yara matchFile source: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dll, type: DROPPED
              Source: Yara matchFile source: 00000013.00000002.2623375955.000002BA62DC0000.00000002.00000001.00040000.00000019.sdmp, type: MEMORY
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 23.46.188.128
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
              Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
              Source: global trafficDNS traffic detected: DNS query: ortelia.com
              Source: global trafficDNS traffic detected: DNS query: d1f8f9xcsvx3ha.cloudfront.net
              Source: global trafficDNS traffic detected: DNS query: s.w.org
              Source: global trafficDNS traffic detected: DNS query: www.google.com
              Source: global trafficDNS traffic detected: DNS query: analytics.google.com
              Source: global trafficDNS traffic detected: DNS query: stats.g.doubleclick.net
              Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
              Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
              Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
              Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
              Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
              Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
              Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
              Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknownHTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.16:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 23.46.188.128:443 -> 192.168.2.16:49745 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49749 version: TLS 1.2
              Source: classification engineClassification label: mal52.troj.win@27/333@16/136
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Users\user\AppData\Local\Temp\nsy88C2.tmp
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile read: C:\Users\desktop.ini
              Source: C:\Users\user\Downloads\CuratorSetup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ortelia.com/download-ortelia-curator/
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1952,i,16433353149473485546,11441211816697710933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1952,i,16433353149473485546,11441211816697710933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4324 --field-trial-handle=1952,i,16433353149473485546,11441211816697710933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4324 --field-trial-handle=1952,i,16433353149473485546,11441211816697710933,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\CuratorSetup.exe "C:\Users\user\Downloads\CuratorSetup.exe"
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\CuratorSetup.exe "C:\Users\user\Downloads\CuratorSetup.exe"
              Source: C:\Users\user\Downloads\CuratorSetup.exeProcess created: C:\Program Files\Ortelia Curator\vc_redist.x64.exe "C:\Program Files\Ortelia Curator\vc_redist.x64.exe" /silent
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeProcess created: C:\Program Files\Ortelia Curator\vc_redist.x64.exe "C:\Program Files\Ortelia Curator\vc_redist.x64.exe" /silent -burn.unelevated BurnPipe.{43283AE4-5BB8-44FA-9263-CFC3EA715B84} {2CADAC6A-0855-4F21-A415-28FC270B2FA9} 8188
              Source: C:\Users\user\Downloads\CuratorSetup.exeProcess created: C:\Program Files\Ortelia Curator\vc_redist.x64.exe "C:\Program Files\Ortelia Curator\vc_redist.x64.exe" /silent
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeProcess created: C:\Program Files\Ortelia Curator\vc_redist.x64.exe "C:\Program Files\Ortelia Curator\vc_redist.x64.exe" /silent -burn.unelevated BurnPipe.{43283AE4-5BB8-44FA-9263-CFC3EA715B84} {2CADAC6A-0855-4F21-A415-28FC270B2FA9} 8188
              Source: C:\Users\user\Downloads\CuratorSetup.exeProcess created: C:\Program Files\Ortelia Curator\OrteliaCurator.exe "C:\Program Files\Ortelia Curator\OrteliaCurator.exe"
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess created: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe "C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe" --attach 7600 2993575759872
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Users\user\Downloads\CuratorSetup.exeProcess created: C:\Program Files\Ortelia Curator\OrteliaCurator.exe "C:\Program Files\Ortelia Curator\OrteliaCurator.exe"
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess created: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe "C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe" --attach 7600 2993575759872
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: userenv.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: apphelp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: propsys.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: dwmapi.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: oleacc.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: version.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: shfolder.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: wldp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: profapi.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: riched20.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: usp10.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: msls31.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: textinputframework.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: coreuicomponents.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: coremessaging.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: ntmarta.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: wintypes.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: wintypes.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: wintypes.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: textshaping.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: linkinfo.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: ntshrui.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: sspicli.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: srvcli.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: cscapi.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: cabinet.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: msi.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wininet.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: version.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: msasn1.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: kernel.appcore.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: msxml3.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: windows.storage.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wldp.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: profapi.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: apphelp.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: uxtheme.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: textinputframework.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: coreuicomponents.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: coremessaging.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: ntmarta.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: srclient.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: spp.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: powrprof.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: vssapi.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: vsstrace.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: umpdc.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: cabinet.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: msi.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wininet.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: version.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: msasn1.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: kernel.appcore.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: msxml3.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: windows.storage.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wldp.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: profapi.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: feclient.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: iertutil.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: uxtheme.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: textinputframework.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: coreuicomponents.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: coremessaging.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: ntmarta.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: windowscodecs.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: explorerframe.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: riched20.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: usp10.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: msls31.dll
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeSection loaded: textshaping.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeSection loaded: netutils.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: unityplayer.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: version.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: opengl32.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: winmm.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: winhttp.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: hid.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: glu32.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: apphelp.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: kernel.appcore.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: uxtheme.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: windows.storage.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: wldp.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: profapi.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: mswsock.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: d3d11.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: dxgi.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: resourcepolicyclient.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: d3d10warp.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: dxcore.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: wbemcomn.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: amsi.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: userenv.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: mmdevapi.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: devobj.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: xinput1_3.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: xinput9_1_0.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: dcomp.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: dwmapi.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: textinputframework.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: coreuicomponents.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: coremessaging.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: ntmarta.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: wintypes.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: cryptsp.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: rsaenh.dll
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeSection loaded: cryptbase.dll
              Source: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exeSection loaded: dbghelp.dll
              Source: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exeSection loaded: wininet.dll
              Source: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exeSection loaded: version.dll
              Source: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile written: C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\ioSpecial.ini
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AccentBeamShaper.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AccentBeamSpot.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AstralAxial18-34Zoomspot.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\AstralAxial22-44Zoomspot.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\Aureal_26_50_BeamShaper.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\Aureal_FrescoFlood.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\ellipsoidalFixedFL.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\ellipsoidalZoom.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\FrescoLEDWallWasher.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\fresnel.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\LEDWallWasher.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL1LEDLuminaire.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL1_20_50_Beam.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL3_NarrowBeam.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\PL3_WideBeamLED.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\scoop.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconDisplayLEDProfile.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconDisplayProfile_15_35.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconDisplayProfile_25_50.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconWingCDM.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconWingLinear.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Lights\SeleconWingTuneable.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Deep White.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Deep White.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 1.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 1.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 2.png
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Ornate 2.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Rustic Wood.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Rustic Wood.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Maple.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Maple.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Oak.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Frames\Simple Oak.json
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\Browsers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\Browsers\Compat.browser
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\machine.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\settings.map
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\web.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\Browsers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\Browsers\Compat.browser
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\DefaultWsdlHelpGenerator.aspx
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\machine.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\settings.map
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\web.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\Browsers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\Browsers\Compat.browser
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\DefaultWsdlHelpGenerator.aspx
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\machine.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\settings.map
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\web.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\browscap.ini
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\mconfig
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\mconfig\config.xml
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\blank.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\freeimage-license.txt
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\blank.jpg
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg-20160530-git-d74cc61.tar.xz
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\elevation.css
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\source
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\source\libwkhtmltox-0.11.0_rc1.zip
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\wkhtmltopdf.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\app.info
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\boot.config
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\globalgamemanagers
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\globalgamemanagers.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level0
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level1
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level2
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level3
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Accessibility.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\AGM.EdgeDetection.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp-firstpass.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Autodesk.Fbx.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\BakeryRuntimeAssembly.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.Native.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\CTCommon.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\FreeImageNET.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.West.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\ICSharpCode.SharpZipLib.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Data.Sqlite.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Posix.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Security.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.WebBrowser.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\MoodkieSecurity.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\mscorlib.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\netstandard.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Ookii.Dialogs.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Photon3Unity3D.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonChat.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonRealtime.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.Utilities.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonWebSocket.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.XmlSerializers.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.Composition.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.DataAnnotations.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Configuration.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Core.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Data.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Design.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Diagnostics.StackTrace.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.Design.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.EnterpriseServices.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Globalization.Extensions.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.FileSystem.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Net.Http.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Numerics.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Formatters.Soap.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Xml.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Security.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ServiceModel.Internals.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Transactions.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.ApplicationServices.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.Services.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Windows.Forms.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.Linq.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.XPath.XDocument.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Analytics.DataPrivacy.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Formats.Fbx.Runtime.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Postprocessing.Runtime.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.KdTree.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Poly2Tri.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Stl.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.Base.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ScriptableBuildPipeline.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.TextMeshPro.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Timeline.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AccessibilityModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Advertisements.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AndroidJNIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AnimationModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ARModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AssetBundleModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AudioModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClothModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterInputModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterRendererModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CoreModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CrashReportingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DirectorModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DSPGraphModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GameCenterModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GridModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.HotReloadModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ImageConversionModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.IMGUIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputLegacyModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.JSONSerializeModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.LouserzationModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Monetization.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ParticleSystemModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PerformanceReportingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Physics2DModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PhysicsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ProfilerModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Purchasing.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ScreenCaptureModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SharedInternalsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpatialTracking.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteMaskModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteShapeModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.StreamingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubstanceModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubsystemsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainPhysicsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextCoreModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextRenderingModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TilemapModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TLSModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UI.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIElementsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UmbraModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UNETModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityAnalyticsModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityConnectModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityTestProtocolModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestWWWModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VehiclesModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VFXModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VideoModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VRModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.WindModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XR.LegacyInputHelpers.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XRModule.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Vectrosity.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\WebRtcCSharp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\wrtc.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\assimp.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\FreeImage.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libbrotli.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libfastlz.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblz4.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblzma.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libzipw.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResToolbox.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResWrapper.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\UnityFbxSdkNative.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\webrtccsharpwrap.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources\unity default resources
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources\unity_builtin_extra
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\resources.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\resources.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.resource
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets1.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets1.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets2.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets2.assets.resS
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets3.assets
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Spaces
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Spaces\Default.ocs
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Exh
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Exh\OrteliaDemo.exh
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\vc_redist.x64.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\UnityPlayer.dll
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\Ortelia Curator.url
              Source: C:\Users\user\Downloads\CuratorSetup.exeDirectory created: C:\Program Files\Ortelia Curator\uninst.exe
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubstanceModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Formats.Fbx.Runtime.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Vectrosity.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterInputModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CrashReportingModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.Composition.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.HotReloadModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Core.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Xml.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Data.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libzipw.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AssetBundleModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\uninst.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.LouserzationModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Numerics.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Advertisements.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIElementsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Poly2Tri.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.Native.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.FileSystem.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libbrotli.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.Base.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextRenderingModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\ICSharpCode.SharpZipLib.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XR.LegacyInputHelpers.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Globalization.Extensions.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UmbraModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PerformanceReportingModule.dllJump to dropped file
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\16f10be9-37f6-414c-a0a4-a45f20055150.tmpJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Physics2DModule.dllJump to dropped file
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubsystemsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\assimp.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PhysicsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GridModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResToolbox.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextCoreModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Monetization.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\wrtc.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Security.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Transactions.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.TextMeshPro.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\AccessControl.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Purchasing.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DirectorModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonRealtime.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp-firstpass.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VFXModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AnimationModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.DataAnnotations.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.WindModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Photon3Unity3D.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Stl.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestWWWModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainPhysicsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\CTCommon.dllJump to dropped file
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 530961.crdownloadJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UI.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResWrapper.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.Linq.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonWebSocket.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\InstallOptions.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VRModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Posix.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.ApplicationServices.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TLSModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\UnityPlayer.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ScriptableBuildPipeline.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Diagnostics.StackTrace.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Data.Sqlite.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteShapeModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\vc_redist.x64.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libfastlz.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Design.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.JSONSerializeModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ImageConversionModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClothModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\AGM.EdgeDetection.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\UserInfo.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteMaskModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Windows.Forms.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.XmlSerializers.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.Services.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\webrtccsharpwrap.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblzma.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Timeline.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\mscorlib.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VehiclesModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XRModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputLegacyModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\FreeImageNET.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\WebRtcCSharp.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.StreamingModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VideoModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UNETModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityAnalyticsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.XPath.XDocument.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AccessibilityModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\UnityFbxSdkNative.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Accessibility.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\BakeryRuntimeAssembly.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\netstandard.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Formatters.Soap.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\wkhtmltopdf.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblz4.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AndroidJNIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonChat.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Analytics.DataPrivacy.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DSPGraphModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TilemapModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ParticleSystemModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ServiceModel.Internals.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Security.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityConnectModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ProfilerModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ARModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GameCenterModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Ookii.Dialogs.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Configuration.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CoreModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.West.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\FreeImage.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.WebBrowser.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterRendererModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SharedInternalsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.IMGUIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpatialTracking.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Postprocessing.Runtime.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.Utilities.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.EnterpriseServices.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ScreenCaptureModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Net.Http.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.KdTree.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityTestProtocolModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.Design.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Autodesk.Fbx.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\MoodkieSecurity.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AudioModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\freeimage-license.txt
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1028\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1029\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1031\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1036\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1040\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1041\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1042\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1045\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1046\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1049\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1055\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\2052\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\3082\license.rtf
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeFile created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\license.rtf
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ortelia Curator
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ortelia Curator\Ortelia Curator.lnk
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ortelia Curator\Uninstall.lnk
              Source: C:\Users\user\Downloads\CuratorSetup.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Downloads\CuratorSetup.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Downloads\CuratorSetup.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeWindow / User API: threadDelayed 1169
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubstanceModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Formats.Fbx.Runtime.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterInputModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Vectrosity.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CrashReportingModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.Composition.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.HotReloadModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Core.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Xml.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Data.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libzipw.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AssetBundleModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\uninst.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.LouserzationModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Numerics.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Advertisements.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIElementsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Poly2Tri.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.Native.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.FileSystem.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libbrotli.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.Base.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextRenderingModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\ICSharpCode.SharpZipLib.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XR.LegacyInputHelpers.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UmbraModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Globalization.Extensions.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PerformanceReportingModule.dllJump to dropped file
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Physics2DModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubsystemsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\assimp.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PhysicsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GridModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResToolbox.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextCoreModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Monetization.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Security.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\wrtc.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Transactions.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.TextMeshPro.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\AccessControl.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Purchasing.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DirectorModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonRealtime.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp-firstpass.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AnimationModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VFXModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.DataAnnotations.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.WindModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Photon3Unity3D.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Stl.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\CTCommon.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainPhysicsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestWWWModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UI.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResWrapper.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.Linq.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonWebSocket.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\InstallOptions.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VRModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Posix.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.ApplicationServices.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TLSModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\UnityPlayer.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ScriptableBuildPipeline.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Diagnostics.StackTrace.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Data.Sqlite.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteShapeModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libfastlz.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.JSONSerializeModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Design.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ImageConversionModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClothModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\AGM.EdgeDetection.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\UserInfo.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteMaskModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Windows.Forms.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.Services.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.XmlSerializers.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\webrtccsharpwrap.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblzma.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Timeline.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\mscorlib.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VehiclesModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XRModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputLegacyModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\FreeImageNET.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\WebRtcCSharp.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.StreamingModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VideoModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UNETModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityAnalyticsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.XPath.XDocument.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AccessibilityModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\UnityFbxSdkNative.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Accessibility.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\BakeryRuntimeAssembly.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\netstandard.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Formatters.Soap.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\wkhtmltopdf.exeJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblz4.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AndroidJNIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Analytics.DataPrivacy.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DSPGraphModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonChat.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TilemapModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ParticleSystemModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ServiceModel.Internals.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Security.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityConnectModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ProfilerModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ARModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Ookii.Dialogs.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GameCenterModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Configuration.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CoreModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.West.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\FreeImage.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.WebBrowser.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterRendererModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SharedInternalsModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.IMGUIModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpatialTracking.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Postprocessing.Runtime.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.Utilities.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ScreenCaptureModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.EnterpriseServices.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Net.Http.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.KdTree.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.Design.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Autodesk.Fbx.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityTestProtocolModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\MoodkieSecurity.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dllJump to dropped file
              Source: C:\Users\user\Downloads\CuratorSetup.exeDropped PE file which has not been started: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AudioModule.dllJump to dropped file
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exe TID: 6016Thread sleep count: 1169 > 30
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile Volume queried: C:\Program Files FullSizeInformation
              Source: C:\Users\user\Downloads\CuratorSetup.exeFile Volume queried: C:\Program Files FullSizeInformation
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeProcess created: C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe "C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe" --attach 7600 2993575759872
              Source: C:\Users\user\Downloads\CuratorSetup.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Downloads\CuratorSetup.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Program Files\Ortelia Curator\vc_redist.x64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png VolumeInformation
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
              Source: C:\Program Files\Ortelia Curator\OrteliaCurator.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              barindex
              Yara detected Havoc
              Source: Yara matchFile source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, type: DROPPED
              Source: Yara matchFile source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, type: DROPPED
              Source: Yara matchFile source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, type: DROPPED

              Remote Access Functionality

              barindex
              Yara detected Havoc
              Source: Yara matchFile source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, type: DROPPED
              Source: Yara matchFile source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, type: DROPPED
              Source: Yara matchFile source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, type: DROPPED

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
              DLL Side-Loading              		11
              Process Injection              		3
              Masquerading              		OS Credential Dumping1
              System Time Discovery              		Remote ServicesData from Local System2
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              Registry Run Keys / Startup Folder              		1
              DLL Side-Loading              		1
              Virtualization/Sandbox Evasion              		LSASS Memory1
              Virtualization/Sandbox Evasion              		Remote Desktop ProtocolData from Removable Media1
              Non-Application Layer Protocol              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              Registry Run Keys / Startup Folder              		11
              Process Injection              		Security Account Manager1
              Application Window Discovery              		SMB/Windows Admin SharesData from Network Shared Drive2
              Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              DLL Side-Loading              		NTDS2
              File and Directory Discovery              		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets13
              System Information Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              https://ortelia.com/download-ortelia-curator/0%Avira URL Cloudsafe

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\InstallOptions.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\InstallOptions.dll0%VirustotalBrowse
              C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\UserInfo.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\UserInfo.dll0%VirustotalBrowse
              C:\Users\user\Downloads\CuratorSetup.exe (copy)0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dll0%ReversingLabs
              C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dll0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll0%ReversingLabs
              C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\OrteliaCurator.exe0%ReversingLabs
              C:\Program Files\Ortelia Curator\OrteliaCurator.exe0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\AGM.EdgeDetection.dll0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Accessibility.dll0%ReversingLabs
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Accessibility.dll0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp-firstpass.dll0%ReversingLabs
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp-firstpass.dll0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp.dll0%ReversingLabs
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp.dll0%VirustotalBrowse
              C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Autodesk.Fbx.dll0%VirustotalBrowse

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              ortelia.com
              		139.99.130.163
              		truefalse
                		unknown
                www.google.com
                		142.251.15.103
                		truefalse
                  		high
                  analytics.google.com
                  		173.194.219.138
                  		truefalse
                    		high
                    s.w.org
                    		192.0.77.48
                    		truefalse
                      		high
                      d1f8f9xcsvx3ha.cloudfront.net
                      		3.161.169.25
                      		truefalse
                        		high
                        stats.g.doubleclick.net
                        		64.233.176.154
                        		truefalse
                          		high

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          172.253.124.100
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          1.1.1.1
                          		unknownAustralia
                          		13335CLOUDFLARENETUSfalse
                          139.99.130.163
                          		ortelia.comCanada
                          		16276OVHFRfalse
                          142.250.105.84
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          64.233.176.95
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          173.194.219.138
                          		analytics.google.comUnited States
                          		15169GOOGLEUSfalse
                          142.250.105.100
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          173.194.219.113
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          64.233.176.97
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          173.194.219.94
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          239.255.255.250
                          		unknownReserved
                          		unknownunknownfalse
                          64.233.176.154
                          		stats.g.doubleclick.netUnited States
                          		15169GOOGLEUSfalse
                          142.251.15.94
                          		unknownUnited States
                          		15169GOOGLEUSfalse
                          3.161.169.25
                          		d1f8f9xcsvx3ha.cloudfront.netUnited States
                          		16509AMAZON-02USfalse
                          3.161.169.36
                          		unknownUnited States
                          		16509AMAZON-02USfalse
                          142.251.15.103
                          		www.google.comUnited States
                          		15169GOOGLEUSfalse
                          74.125.138.94
                          		unknownUnited States
                          		15169GOOGLEUSfalse

                          Private

                          IP
                          192.168.2.16

                          General Information

                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1431415
                          Start date and time:2024-04-25 03:13:49 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Sample URL:https://ortelia.com/download-ortelia-curator/
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:21
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • EGA enabled
                          Analysis Mode:stream
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal52.troj.win@27/333@16/136

                          Warnings

                          • Exclude process from analysis (whitelisted): svchost.exe
                          • Excluded IPs from analysis (whitelisted): 173.194.219.94, 142.250.105.100, 142.250.105.101, 142.250.105.102, 142.250.105.139, 142.250.105.113, 142.250.105.138, 142.250.105.84, 34.104.35.123, 64.233.176.95, 74.125.138.94
                          • Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Skipping network analysis since amount of network traffic is too extensive

                          Created / dropped Files

                          C:\Program Files\Ortelia Curator\Exh\OrteliaDemo.exh

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):7890310
                          Entropy (8bit):7.4720339603938575
                          Encrypted:false
                          SSDEEP:
                          MD5:1F5BBEE5CB2D33CE6ECF354016A1D191
                          SHA1:5390336D55A83C02F3EFB69BAEADFBC3C1EE350B
                          SHA-256:B71A977E5E6AD495E8CB9515F57E618D35CA939F845549050AFDE2DD09598A9C
                          SHA-512:62C8353200306F47C01A11DAAF3C6EBA1A2ED89B645DE570F268943FD1708673E70A02E995D36E997E94DF950D5B8B3AFC266DBA777BBE0A339F280EC7FEEB1C
                          Malicious:false
                          Reputation:unknown
                          Preview:~.galleryWallColour4225941.....1K.2{v.?{v.?{v.?...?{~.artworkType0..........galleryWall{~.galleryWallColour29446342.....1K.2...?...?...?...?{~.artworkType1..........galleryWall{~.galleryWallColour87959061.....1K.2...?...?...?...?{~.artworkType2..........galleryWall{~.galleryWallColour82499094.....1K.2...?...?...?...?{~.artworkType3..........galleryWall{~.galleryWallColour14162034.....1K.2...?...?...?...?{~.artworkType4..........galleryWall{~.galleryWallColour46512928.....1K.2...?...?...?...?{~.artworkType5..........galleryWall{~.galleryWallColour8018760.....1K.2...?...?...?...?{~.artworkType6..........galleryWall{~.galleryWallColour25243560.....1K.2...?...?...?...?{~.artworkType7..........galleryWall{~.galleryWallColour2317031.....1K.2...?...?...?...?{~.artworkType8..........galleryWall{~.galleryWallColour46242626.....1K.2...?...?...?...?{~.artworkType9..........galleryWall{~.galleryWallColour8371440.....1K.2...?...?...?...?{~.artworkType10..........galleryWall{~.galleryWallColour50963

                          C:\Program Files\Ortelia Curator\Frames\Deep White.jpg

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2021:05:31 17:39:39], baseline, precision 8, 512x512, components 3
                          Category:dropped
                          Size (bytes):97975
                          Entropy (8bit):7.7255321251522595
                          Encrypted:false
                          SSDEEP:
                          MD5:6E1CEE2FB559FAC519AB21B08397D1A6
                          SHA1:F7C4E2C830D23152AF4B03A392A3BA144023EF55
                          SHA-256:E315978B10CFCDE507EB849FAE09877B719EF255A47D8C57EDEF08C7F3F4A52D
                          SHA-512:C76472E13F25C7EEB918E95995AAE8708A390050FE3FE777DE6D1BDDC796DFCFABA5EF714E74CD359B1CFFCA026659E3B1FB50742F72E97858EA2C4CF6F7191E
                          Malicious:false
                          Reputation:unknown
                          Preview:......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop CS5.1 Windows.2021:05:31 17:39:39..................................................................................&.(.........................................H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...2%.s.ZUp....i....KDP..I%)$.IH.cI..l&K....U.\./y................AM)&..B.I$..I.$......$.....2%.ry..eW....!....I.)$.$.$.d...<.YX.>.U....C.....{,.....1...i

                          C:\Program Files\Ortelia Curator\Frames\Deep White.json

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):747
                          Entropy (8bit):4.564484836767709
                          Encrypted:false
                          SSDEEP:
                          MD5:F2C4BC380FF21E97419AAFC2BEEFA145
                          SHA1:7462FA1DE0C943A6F0C60D688EF424707F46CFD5
                          SHA-256:EF18514138F19A5B2A41DAE5142E6BC966EBF57873BFA37637D07CF29E3C4ACA
                          SHA-512:A9C50D54C5FAE528D4E56A883F37483FB51B7B687CEDFEC3CF1DFCA569BE5D04BBFD6A9A90928A41724553C63D9440576F635C43CB96A5C4EE4692FCEA6A4AAD
                          Malicious:false
                          Reputation:unknown
                          Preview:{..."id":"73178602",..."file":"Deep White.jpg",..."style": "2D",..."fixedColour":"true",..."defaultWidth":"0.03f",..."thumbBL":{...."x":"0",...."y":"0"...},..."thumbSize":{...."x":"237",...."y":"237"...},..."defaultColour":{ ...."r":"1",...."g":"1",...."b":"1",...."a":"1" ...},..."defaultInnerColour":{ ...."r":"1", ...."g":"1", ...."b":"1", ...."a":"1" ...},..."res":{ ...."x":"512", ...."y":"512" ...},..."cornerBL":{ ...."x":"0", ...."y":"0" ...},..."cornerSize":{ ...."x":"237", ...."y":"237" ...},..."tilepos":"275",..."tilemulti":"1",..."centerBL":{ ...."x":"0", ...."y":"0" ...},..."centerSize":{ ...."x":"0", ...."y":"0" ...},..."sidepos":"339",..."sidewidth":"59",..."overhangoutside":"0",..."overhanginside":"0",..."thickness":"0.12"..}

                          C:\Program Files\Ortelia Curator\Frames\Ornate 1.jpg

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2021:09:01 15:25:48], baseline, precision 8, 512x512, components 3
                          Category:dropped
                          Size (bytes):411618
                          Entropy (8bit):7.970071983625489
                          Encrypted:false
                          SSDEEP:
                          MD5:4381D5F6ECBFCCE867C5C0AA32D7D3C8
                          SHA1:E0F3954AEEE8740D557F7FE29F6D153738218F8E
                          SHA-256:02BC1E9912556025F8C6E5435BC3965ECAB797F4564783B6E482A90DAFE8BD17
                          SHA-512:91C7069051C581C697B128659694CA5057F87CC26EAE1FC8FB583D8646DAC6EF897CE5D2A76CB7B8FCF10846D1AD9FDA1124F4DA295D464AEA3A431268018A98
                          Malicious:false
                          Reputation:unknown
                          Preview:....8.Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2021:09:01 15:25:48..................................................................................&.(................................7........H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....;N..g.@...q....:FC..t.7.9.w._....}.w.'Y...pX.....2.Zx-5...j.z...M.,......S.w..._e...=K.1P.p...n..a.;.c......g.\....fWOc.s...X.:.1.......?........E

                          C:\Program Files\Ortelia Curator\Frames\Ornate 1.json

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):746
                          Entropy (8bit):4.547735651172068
                          Encrypted:false
                          SSDEEP:
                          MD5:5E41E52CCDAACBB6D98F49E765144CF7
                          SHA1:45F4D8ABCF9E584DD401ABFCDF874448305C46A6
                          SHA-256:2767E9CE55557CD7BEA044C548991B60F6D448409F35D4DCEBA9F4CEB73B6097
                          SHA-512:B6D09B0AFEC63666008AC952D417BE7AA31A8EBD283237831AC46122AEF88F9596F8BC4BEA33698760E334E261918CF79F541B5B610DB866BB2A687C3BD07E3E
                          Malicious:false
                          Reputation:unknown
                          Preview:{..."id":"73178301",..."file":"Ornate 1.jpg",..."style": "2D",..."fixedColour":"true",..."defaultWidth":"0.1f",..."thumbBL":{...."x":"0",...."y":"0"...},..."thumbSize":{...."x":"222",...."y":"222"...},..."defaultColour":{ ...."r":"1",...."g":"1",...."b":"1",...."a":"1" ...},..."defaultInnerColour":{ ...."r":"1", ...."g":"1", ...."b":"1", ...."a":"1" ...},..."res":{ ...."x":"512", ...."y":"512" ...},..."cornerBL":{ ...."x":"0", ...."y":"0" ...},..."cornerSize":{ ...."x":"222", ...."y":"222" ...},..."tilepos":"289",..."tilemulti":"1.0",..."centerBL":{ ...."x":"0", ...."y":"0" ...},..."centerSize":{ ...."x":"0", ...."y":"0" ...},..."sidepos":"238",..."sidewidth":"37",..."overhangoutside":"0",..."overhanginside":"0",..."thickness":"0.04"..}

                          C:\Program Files\Ortelia Curator\Frames\Ornate 2.json

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):756
                          Entropy (8bit):4.59593904353818
                          Encrypted:false
                          SSDEEP:
                          MD5:590BDCF0B611F10D35EF73D52B390423
                          SHA1:E5140AB433A65C33F4106F25BDAF5A00EE9239D0
                          SHA-256:1C193C880A84488149BC5E1F51A3D67E34BC1073C3E1FE87D59564EFE7E6A193
                          SHA-512:B1EB768B7E9F090132C644F9D99689833E1BC7B6D9583FC0D5F4BCCF57DCF2FACBBFB60931489B043B6265499882C564F7FBEAB026E9C2DCE1D2EACB849D7B32
                          Malicious:false
                          Reputation:unknown
                          Preview:{..."id":"73178302",..."file":"Ornate 2.png",..."style": "2D",..."fixedColour":"true",..."defaultWidth":"0.15f",..."thumbBL":{...."x":"0",...."y":"0"...},..."thumbSize":{...."x":"229",...."y":"229"...},..."defaultColour":{ ...."r":"1",...."g":"1",...."b":"1",...."a":"1" ...},..."defaultInnerColour":{ ...."r":"1", ...."g":"1", ...."b":"1", ...."a":"1" ...},..."res":{ ...."x":"512", ...."y":"512" ...},..."cornerBL":{ ...."x":"0", ...."y":"0" ...},..."cornerSize":{ ...."x":"229", ...."y":"229" ...},..."tilepos":"268",..."tilemulti":"1.2",..."centerBL":{ ...."x":"0", ...."y":"251" ...},..."centerSize":{ ...."x":"229", ...."y":"246" ...},..."sidepos":"435",..."sidewidth":"57",..."overhangoutside":"0.03",..."overhanginside":"0",..."thickness":"0.04"..}

                          C:\Program Files\Ortelia Curator\Frames\Ornate 2.png

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
                          Category:dropped
                          Size (bytes):531990
                          Entropy (8bit):7.986725504022344
                          Encrypted:false
                          SSDEEP:
                          MD5:F2AB6FB815F954DECE71AD85C998A70B
                          SHA1:A04236A1E11D4DCD5AAF8A8F6A5FF9A25C19F854
                          SHA-256:79546A3B80A7D449815759B3AE404BCA8C7F80EACB000DB638A3C7ADBDB9DF58
                          SHA-512:067DA94AEDAEFB0447E7A6712104F7617998FBAF41413A28BDEB882FC5ED53330ECF39F9428132BCD86E55FA683C0BC186115A56E9D65D3881DE18E33D37B1A8
                          Malicious:false
                          Reputation:unknown
                          Preview:.PNG........IHDR..............x......pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                          C:\Program Files\Ortelia Curator\Frames\Rustic Wood.jpg

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2021:09:01 15:41:16], baseline, precision 8, 512x512, components 3
                          Category:dropped
                          Size (bytes):292301
                          Entropy (8bit):7.962756726656377
                          Encrypted:false
                          SSDEEP:
                          MD5:51A5F26C7D2A352C26797279E9ED1E0D
                          SHA1:8BD7BDFD8D63F2C71FC7B4F3025A40F1C1286DAC
                          SHA-256:985C339293996B181C2774322C26988620A839CD03B59B9AD8E8BCBF80940B23
                          SHA-512:C26F8A77D2231AC6C9E64134AD540EFDE401031D85DB0B70FC7BBA0E9DC42976AF6558B7AA5BCE67D2B716983EAC5BEA1A256F2AE7A8120BD268BC8B3DF0D1F9
                          Malicious:false
                          Reputation:unknown
                          Preview:......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2021:09:01 15:41:16..................................................................................&.(.........................................H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......\..~.P.n5v.4S...7...J.?...-.@{...).x.......v....4..hG........p.stQL.. ..m.~.}h...s..:*....`......]`._.....i..d.......k.../...0.ik..7...]..k.....X

                          C:\Program Files\Ortelia Curator\Frames\Rustic Wood.json

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):749
                          Entropy (8bit):4.555515323332035
                          Encrypted:false
                          SSDEEP:
                          MD5:763511F9870089908F86A003DEBFD89F
                          SHA1:C966F7016AAEAD14EC72F1347EEB6339BA6F1A5B
                          SHA-256:80A0049E924BB7014C53B691A6A9B3A31F135C532AC69871453B1984080F3975
                          SHA-512:500BEB27FF3E0F6F56140AAE8692D6DE4BA21F6D0739C39FF632E10FF6CB0355E080CA13EBD91DF6B3AE52276A5F76E05294BA27A6AE7FAC7752F2A3AF1074EE
                          Malicious:false
                          Reputation:unknown
                          Preview:{..."id":"73178300",..."file":"Rustic Wood.jpg",..."style": "2D",..."fixedColour":"true",..."defaultWidth":"0.1f",..."thumbBL":{...."x":"0",...."y":"0"...},..."thumbSize":{...."x":"222",...."y":"222"...},..."defaultColour":{ ...."r":"1",...."g":"1",...."b":"1",...."a":"1" ...},..."defaultInnerColour":{ ...."r":"1", ...."g":"1", ...."b":"1", ...."a":"1" ...},..."res":{ ...."x":"512", ...."y":"512" ...},..."cornerBL":{ ...."x":"0", ...."y":"0" ...},..."cornerSize":{ ...."x":"222", ...."y":"222" ...},..."tilepos":"289",..."tilemulti":"1.0",..."centerBL":{ ...."x":"0", ...."y":"0" ...},..."centerSize":{ ...."x":"0", ...."y":"0" ...},..."sidepos":"238",..."sidewidth":"37",..."overhangoutside":"0",..."overhanginside":"0",..."thickness":"0.05"..}

                          C:\Program Files\Ortelia Curator\Frames\Simple Maple.jpg

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2021:06:01 08:29:17], baseline, precision 8, 512x512, components 3
                          Category:dropped
                          Size (bytes):389534
                          Entropy (8bit):7.961174644550829
                          Encrypted:false
                          SSDEEP:
                          MD5:3C0C92612693FD646EA7578945CBBC20
                          SHA1:E42A136178497B716CE19AA28AEF08BD1DB2BC99
                          SHA-256:4DFEB5BE73BAAC2815BD291528443DFF7435D522AAA773D0C9995E29ABE68432
                          SHA-512:705DAD8DF3FFC0FECC4AE306E9C7C36DB44FFF39BD8FF7A6A2263B7E55E8531C27EA3829B657E9174EA2D0311170699DCC457573F3C7E8DC376965AB3CE2B997
                          Malicious:false
                          Reputation:unknown
                          Preview:.....iExif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop CS5.1 Windows.2021:06:01 08:29:17..................................................................................&.(................................-3.......H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch....

                          C:\Program Files\Ortelia Curator\Frames\Simple Maple.json

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):749
                          Entropy (8bit):4.576018819090966
                          Encrypted:false
                          SSDEEP:
                          MD5:7CC3F0008D9023CB5813A9D16A8F21A2
                          SHA1:7EAC29ADA8D26BBBCE20755F2A1431C420E0C8AD
                          SHA-256:BD170A7EF5F447006CF8E616317A140E7E875EAC9C59AA7F38B629F74BAA3139
                          SHA-512:7199FF9250E401621795467020D938E3439ED5A28DFE5E13F3A8EE3D379CD61DC758B9A271BC9CB106C5E35E1308C75BD0FF01D1F86448083F771FFA36934FDE
                          Malicious:false
                          Reputation:unknown
                          Preview:{..."id":"73178501",..."file":"Simple Maple.jpg",..."style": "2D",..."fixedColour":"true",..."defaultWidth":"0.06f",..."thumbBL":{...."x":"0",...."y":"0"...},..."thumbSize":{...."x":"237",...."y":"237"...},..."defaultColour":{ ...."r":"1",...."g":"1",...."b":"1",...."a":"1" ...},..."defaultInnerColour":{ ...."r":"1", ...."g":"1", ...."b":"1", ...."a":"1" ...},..."res":{ ...."x":"512", ...."y":"512" ...},..."cornerBL":{ ...."x":"0", ...."y":"0" ...},..."cornerSize":{ ...."x":"237", ...."y":"237" ...},..."tilepos":"275",..."tilemulti":"1",..."centerBL":{ ...."x":"0", ...."y":"0" ...},..."centerSize":{ ...."x":"0", ...."y":"0" ...},..."sidepos":"339",..."sidewidth":"59",..."overhangoutside":"0",..."overhanginside":"0",..."thickness":"0.02"..}

                          C:\Program Files\Ortelia Curator\Frames\Simple Oak.jpg

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2021:06:01 08:09:20], baseline, precision 8, 512x512, components 3
                          Category:dropped
                          Size (bytes):214664
                          Entropy (8bit):7.919571831061426
                          Encrypted:false
                          SSDEEP:
                          MD5:832B1AF4F9ECE31DFA796F81D788FAA9
                          SHA1:E60A7EECEF944CD050B96A88F354C3891E4B50C4
                          SHA-256:33604EC2A2E6EAFEFCFBB3CC5E51682D69BFB32DCB9367CB944B1814744F62DD
                          SHA-512:44BF281410A56800A1162B7A18CC943B8BB870F18F09FDE6288E52C474706A7A6B5BB1E00B6A62E94E5DA963D8D6FAC769A84775881D98744529A351CF4BD4D7
                          Malicious:false
                          Reputation:unknown
                          Preview:....!.Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............-....'..-....'.Adobe Photoshop CS5.1 Windows.2021:06:01 08:09:20..................................................................................&.(................................ g.......H.......H.........XICC_PROFILE......HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch....

                          C:\Program Files\Ortelia Curator\Frames\Simple Oak.json

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):750
                          Entropy (8bit):4.584980198858322
                          Encrypted:false
                          SSDEEP:
                          MD5:C11510CF821B4C95A347F33E9E0A72BD
                          SHA1:CF6BB4192482382D0EE93040576871B3CFB29640
                          SHA-256:0BAF595070B21423883B5A928380F59D288FF7E6A9F16C2148AFB950E20A639A
                          SHA-512:7AD3B7C41F3CE77B3FEE8CDD8770B93F6FC1FE5A71743D24A0C994DDD49DA9D7C44410AD86AE17EEA94E8141B75DD516203D15FCD49E4A6E5DA2DE5F1EA29E8F
                          Malicious:false
                          Reputation:unknown
                          Preview:{..."id":"73178400",..."file":"Simple Oak.jpg",..."style": "2D",..."fixedColour":"true",..."defaultWidth":"0.05f",..."thumbBL":{...."x":"0",...."y":"0"...},..."thumbSize":{...."x":"237",...."y":"237"...},..."defaultColour":{ ...."r":"1",...."g":"1",...."b":"1",...."a":"1" ...},..."defaultInnerColour":{ ...."r":"1", ...."g":"1", ...."b":"1", ...."a":"1" ...},..."res":{ ...."x":"512", ...."y":"512" ...},..."cornerBL":{ ...."x":"0", ...."y":"0" ...},..."cornerSize":{ ...."x":"237", ...."y":"237" ...},..."tilepos":"275",..."tilemulti":"0.25",..."centerBL":{ ...."x":"0", ...."y":"0" ...},..."centerSize":{ ...."x":"0", ...."y":"0" ...},..."sidepos":"339",..."sidewidth":"59",..."overhangoutside":"0",..."overhanginside":"0",..."thickness":"0.02"..}

                          C:\Program Files\Ortelia Curator\Lights\AccentBeamShaper.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1304
                          Entropy (8bit):5.093064451532826
                          Encrypted:false
                          SSDEEP:
                          MD5:D2B854D6F4647306739F381193AA8A6D
                          SHA1:00FBCB715E54A87EAFD676714BE54C06D713DCF9
                          SHA-256:785EC5D6E40F7CCAE2FED8F76A200DCD1C7026631B10960B86FAC574DB2D936A
                          SHA-512:27442565610389962C14866A283097E3B2896555AA9496D557F9C0445331B6A5CA704535AAFAB853AB27445F2F8BD77ADA11716E32DEAA319D2F9E4C86BEE609
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Accent BeamShaper</name>....<ID>782416U0-375F-452A-B83A-ED2ADN2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="24" max="40"></angle> angle range in degrees -->....<power min="100" max="200"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour>

                          C:\Program Files\Ortelia Curator\Lights\AccentBeamSpot.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1298
                          Entropy (8bit):5.097550784801984
                          Encrypted:false
                          SSDEEP:
                          MD5:98821691AE531445F71799BF57702153
                          SHA1:EC714442AFB384CCB82C96C66776A000C693481B
                          SHA-256:2DAE9A138A08626B6039BAF9330A4717D80768FCFC7C7091BBAE896215828FD2
                          SHA-512:BC3C81D675C824FE670D02C99B29B13F4D96718FE59C8B9E245F92DD0DE65BA3A3B83FA83F6B1E3D976A87A234CEF291063C6DEC614EEC28F517A36A61465335
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Accent BeamSpot</name>....<ID>84D6B780-8J47-408A-8A93-C459DF7BB71E</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....freesnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="80" max="80"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="25" max="25"></angle> angle range in degrees -->....<power min="70" max="200"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour> d

                          C:\Program Files\Ortelia Curator\Lights\AstralAxial18-34Zoomspot.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1314
                          Entropy (8bit):5.098196921481253
                          Encrypted:false
                          SSDEEP:
                          MD5:AFDB5237B353F011CCBF6285A3C1732D
                          SHA1:E647741ACF73B187DB6B9C74CB2A33DACE71F716
                          SHA-256:FF6318167762BDD9B75E49829C78598FC273DD1EFAA2887CC22D8C534669D436
                          SHA-512:1CBD999FD5E46CD3E64CBC2D0791409A0ED5806EA3AD9333FCCFCD746E1966A97568291B734AD7B35EBD7DD281138B90CC946A781AAFFDA0B977A0327497734E
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Astral Axial 18-34 Zoomspot</name>....<ID>7823Y5B0-385F-450A-B83A-ED2ABR2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="18" max="34"></angle> angle range in degrees -->....<power min="100" max="255"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1">

                          C:\Program Files\Ortelia Curator\Lights\AstralAxial22-44Zoomspot.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1314
                          Entropy (8bit):5.100151582843726
                          Encrypted:false
                          SSDEEP:
                          MD5:28E2DBC509D8FFACDC3B7CE7AED1262B
                          SHA1:CE91EF49CD9052FCC6BE25F37EB8E1B96D4806F1
                          SHA-256:81342C09C328999DD6B704E1F06C407A17548005E21090B3792AA07DBD9E8D04
                          SHA-512:136258681764E90543FFEBEC21256927718C27C4D3AAF49F05E54CC07F118631B734AF2161866A750FE6815945741361283219A7251185134E3FEA4B18B8E308
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Astral Axial 24-44 Zoomspot</name>....<ID>7823M5B0-385F-450A-B83A-ED2ABR2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="22" max="44"></angle> angle range in degrees -->....<power min="100" max="255"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1">

                          C:\Program Files\Ortelia Curator\Lights\Aureal_26_50_BeamShaper.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1309
                          Entropy (8bit):5.108461827114299
                          Encrypted:false
                          SSDEEP:
                          MD5:D1ED7BA9958E3DBE92B174048334624F
                          SHA1:F0CFA8FD60B2E6451F9889A2CD990AD0499D458F
                          SHA-256:B1EDD3A529201A110E852403F97DC6AE1AD3E6FC60756A46851041F4BD3DD0C2
                          SHA-512:612AD13E4AA896066CA5267F77A2D3E4DFA23E0C2CC019C80F9862270695B3805275B4A2A6856403D2C36AD079514CC15B89F962C1F422920716080A4F5A1242
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Aureal26-50 BeamShaper</name>....<ID>782715J6-475F-454O-C88A-ED2ANJ7836A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="23" max="50"></angle> angle range in degrees -->....<power min="100" max="255"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></col

                          C:\Program Files\Ortelia Curator\Lights\Aureal_FrescoFlood.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1306
                          Entropy (8bit):5.100481230135956
                          Encrypted:false
                          SSDEEP:
                          MD5:9D7F2D3135D4DC06A10AC218356C60AF
                          SHA1:8CFB2EEB3066056EF6C75129DAB02469D262CE82
                          SHA-256:B19018D6CEA6174690116805595E60D2EB0EAAFDD4CA887D3DD25004E5D62E9D
                          SHA-512:6E11BD399118E6E9BA5952F0C920675B8934EB8728A7E5DFFB160A6F97211F46F21CEA713D931E1BAC95B2432EEC4C73EB48C3A7E716E15DC7BD66D166BC7BF7
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Aureal Fresco Flood</name>....<ID>787715J6-475H-454O-C88A-ED2ADJ7833T5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="23" max="60"></angle> angle range in degrees -->....<power min="255" max="255"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour

                          C:\Program Files\Ortelia Curator\Lights\FrescoLEDWallWasher.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1301
                          Entropy (8bit):5.104601255402653
                          Encrypted:false
                          SSDEEP:
                          MD5:A43A0DC00C5597366D2F10BDCEFEA6BB
                          SHA1:3968B42861BE0127921F64EFC0BCD6B6FACEBD75
                          SHA-256:65E1B855AEDF5BA7310D00F4F9E364C2990320DD17D1EE8A677332399917C8F9
                          SHA-512:D7297BAFF756A36F12053AFB7643101EDED7B92CA3B8D6EA9F6B9F318AE5A37143FE47A7B2386A257DEBC870929C47AE864F7378CA6F666E3A92AC0DFEF2BC0A
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Fresco LED Wall Washer</name>....<ID>84HL9A84-F92C-414F-984A-2013UTC1KE4B</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....freesnel....par64....par36....floodlight....-->.....<basetype>floodlight</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="80" max="80"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="80" max="80"></angle> angle range in degrees -->....<power min="300" max="700"></power> light wattage, this is power per light if it is a striplight-->....<shape>2</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour> <!-

                          C:\Program Files\Ortelia Curator\Lights\LEDWallWasher.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1306
                          Entropy (8bit):5.101066487554633
                          Encrypted:false
                          SSDEEP:
                          MD5:11FB1DB09DD280BD6550A48291508D62
                          SHA1:BF28678EF9CFA5DCE4E0C755872B670E985F2C35
                          SHA-256:2BEBDC9C71BFD451DC17972D3EDEBD76BF0DAB3073F3CB745504C130E8EF97AE
                          SHA-512:B4FE742E47C4537B17E884B31A48961C266059D4C7674156EDB9BD19790E705A3DCBDFD5C5168DAFBB0BAEA8318511111CDFBB3FA83A88E9A1FD77AB331FBABF
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>LED Wall Washer</name>....<ID>782453U0-385F-453A-B83B-EK2ADA2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="50" max="50...."></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="80" max="80"></angle> angle range in degrees -->....<power min="200" max="500"></power> light wattage, this is power per light if it is a striplight-->....<shape>2</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour

                          C:\Program Files\Ortelia Curator\Lights\PL1LEDLuminaire.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1304
                          Entropy (8bit):5.106616659411485
                          Encrypted:false
                          SSDEEP:
                          MD5:461CD3F22045EF98697876A0789F37CB
                          SHA1:4A368EB0F36B36E4FBD95622DB116510DA9B37E6
                          SHA-256:99EE05A19F79550B1DBB41FEDCF42A95AC4079F6437ABB2D0DCE7B241651F14B
                          SHA-512:0E884F5470D7A033F344CAC7BC337A59AFF98D75F7B1A5F46FB72CACD92EC8092186132306831A3A50241F686B1B8C988FDEF6ED3C1CCFC550B12823F93CA6FE
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>PL1 LED Luminaire</name>....<ID>782715U3-375F-454D-B84Z-ED2VDH2830G5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="14" max="50"></angle> angle range in degrees -->....<power min="150" max="150"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour>

                          C:\Program Files\Ortelia Curator\Lights\PL1_20_50_Beam.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1309
                          Entropy (8bit):5.101436874762516
                          Encrypted:false
                          SSDEEP:
                          MD5:B69E54B676D73A1C7AE7F623BE0B9B48
                          SHA1:AA5F1523079329B8E2099B32BA40339E3E56C75B
                          SHA-256:0CE16133349DD17FCAF37DF3A6ED426A24031FE99628A3C4048E32CBC9EAF58F
                          SHA-512:F31AA6DB5D40027415724C453A46753FD5CB8EBBEE72EEA23B2EA27FCCF9B6B213F0BB0285A8FF5C1A57BBA893E5E9D07B3A5A38B21442E77C5296BCCE39119F
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Luminaire 20 - 50 Spot</name>....<ID>782342R2-376D-443G-B83A-ED3XXR2860A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="15" max="15"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="20" max="50"></angle> angle range in degrees -->....<power min="120" max="500"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></col

                          C:\Program Files\Ortelia Curator\Lights\PL3_NarrowBeam.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1313
                          Entropy (8bit):5.098437712794693
                          Encrypted:false
                          SSDEEP:
                          MD5:028CC7688607953DF7621E6896062739
                          SHA1:AB24745F46853DD2AF764DB271BE00AEC43C8875
                          SHA-256:6A3D266AB3174644D18756D4085D91E4F02729C6EA5F99CC618F069EBDA9C9FA
                          SHA-512:72252AFF433E0632ADDFD8E2487ED10880BC1F67B8AD918C95F4C7CBB508A2B05E16986F626B4AC936AA3A035C0680BC8AA030F4D0D567FDA7D901BCED856683
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Luminaire Narrow Beam Spot</name>....<ID>782342B1-375D-453A-B83A-ED2XXR2860A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="10" max="10"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="12" max="12"></angle> angle range in degrees -->....<power min="150" max="300"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"><

                          C:\Program Files\Ortelia Curator\Lights\PL3_WideBeamLED.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1311
                          Entropy (8bit):5.103061718951463
                          Encrypted:false
                          SSDEEP:
                          MD5:A13C4A896068CE5BEA1D12A4B80DC714
                          SHA1:543B46E338C2C5CF276FFF2FCDEA7DB1200823FF
                          SHA-256:A893A9E700E5AA9696508B8E3C9638EB861E916B856103B09F249946506774F4
                          SHA-512:D9B2A984E2B7EE4F9961325A9FE6546CCED62418E9A1FBB8E0770B38E23A3945E9CACAB2CF8BF02684AE38465F1FAD85903ECF45A9D7258B6DD874FC720D7704
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Luminaire Wide Beam Spot</name>....<ID>782372B1-378D-453A-B83A-ED2XVR1860A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="15" max="15"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="25" max="25"></angle> angle range in degrees -->....<power min="150" max="300"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></c

                          C:\Program Files\Ortelia Curator\Lights\SeleconDisplayLEDProfile.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1314
                          Entropy (8bit):5.107414558258862
                          Encrypted:false
                          SSDEEP:
                          MD5:243CFBFDDF3CDDD1B2ACA7171B774A69
                          SHA1:D2F16C2088D0CF2BA06386CD7A19099FED98949F
                          SHA-256:120BFBFDA83F043C710F31B4875DE0A6A04715ED85C346C5E7225EE493E50911
                          SHA-512:021341B84D8D44F94CF7BDF21149220A58FB646233BF179A9E954BF633EBF574B226BA681086CE75AB7A84CAE1EADD5A650330C9D07C0F769ED2416B2BE02C5D
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Selecon Display LED Profile</name>....<ID>7823Y2G0-385F-450Y-B83A-ED2AZR2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="16" max="55"></angle> angle range in degrees -->....<power min="160" max="160"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1">

                          C:\Program Files\Ortelia Curator\Lights\SeleconDisplayProfile_15_35.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1315
                          Entropy (8bit):5.100348815432288
                          Encrypted:false
                          SSDEEP:
                          MD5:89DF464DDBA9F41F3674A125061FB459
                          SHA1:23D4CD00BB6F37C1C302332E991582173B291D60
                          SHA-256:1EAC1CDE0968AB039F8F8CA3122EA85D3BAFC9AF38B3B53ADF3C2D73D830A6E0
                          SHA-512:6AB323AD6B51F52D5F0986DE5067E80AAE0055E5A9116245D497567D711132E617741BB6809460624184F5F548917CC3EC2D556DA327E729BD5DD37E28205F11
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Selcon Display Profile 15-35</name>....<ID>7823Y2B0-345F-450A-B83A-ED2ZBR2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="10" max="10"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="15" max="35"></angle> angle range in degrees -->....<power min="100" max="300"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"

                          C:\Program Files\Ortelia Curator\Lights\SeleconDisplayProfile_25_50.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1315
                          Entropy (8bit):5.101044130204823
                          Encrypted:false
                          SSDEEP:
                          MD5:18448A5D268E70A58FB025C80FCFA276
                          SHA1:901CCE817EFB865706C73F38EC3FAA024FA68C37
                          SHA-256:DD4000584DCEC87731E70849A1E8F8B68CEBA670B4A98FEC6C818EDB5F6B0CED
                          SHA-512:57D9D302A0141AB85B31ACACA43494BFCF2D78EB212019B20C4FAA5609FD44292A76699749C6CAF28E10D4920D14B886E1F40E0AF440573CAD15618D2AC6E448
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Selcon Display Profile 25-50</name>....<ID>7823O2B1-345D-453A-B83A-ED2ZBR2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="20" max="20"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="25" max="50"></angle> angle range in degrees -->....<power min="100" max="250"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"

                          C:\Program Files\Ortelia Curator\Lights\SeleconWingCDM.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1295
                          Entropy (8bit):5.107168042868034
                          Encrypted:false
                          SSDEEP:
                          MD5:5CE2F3B01B17A3E818EFF26E3CB7F6F1
                          SHA1:35A2C4B4F724EB24EA51D7E11A8EA26B0E8A662D
                          SHA-256:73C8964748B8FB83AB883CF338D0ACBD1C49909DA10FE3FCBFA8D27987A45851
                          SHA-512:9737A90EAE0917A9E3B88C31D0FB49329F1B0A354EB6A33B79934946DD37294CB466C064DE356068CD65EFB63DE9CBC617386E01BCC7CCD9D4A66A85ACC8106F
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Selecon Wing CDM</name>....<ID>84FB3O87-F02C-614B-984A-2017EYC1DE3B</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....freesnel....par64....par36....floodlight....-->.....<basetype>floodlight</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="90" max="90"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="80" max="80"></angle> angle range in degrees -->....<power min="200" max="520"></power> light wattage, this is power per light if it is a striplight-->....<shape>2</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour> defa

                          C:\Program Files\Ortelia Curator\Lights\SeleconWingLinear.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1299
                          Entropy (8bit):5.101104592078305
                          Encrypted:false
                          SSDEEP:
                          MD5:8F1303A4E827FB978573C03F05003824
                          SHA1:D7EC4126266BE1D50D72CFB2FF2EFF7375471857
                          SHA-256:AD4358D256F9B76E9C643D1F6BC0F2B141149FE1AA2053AE88C7B268D5AFE3D4
                          SHA-512:02215B528FF10AC75667DE316CAEBAD95B13FF580B8F43DAAEEF8D1B3086BBC764F70A3CC257B1BC26DB843FAA611B91A5792EEB8068D9905E032F32E991B4FF
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Selecon Wing Linear</name>....<ID>84UB8A87-F02C-414F-984A-2013SAC6DE3B</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....freesnel....par64....par36....floodlight....-->.....<basetype>floodlight</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="80" max="80"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="70" max="130"></angle> angle range in degrees -->....<power min="150" max="350"></power> light wattage, this is power per light if it is a striplight-->....<shape>2</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour>

                          C:\Program Files\Ortelia Curator\Lights\SeleconWingTuneable.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1311
                          Entropy (8bit):5.116090219784475
                          Encrypted:false
                          SSDEEP:
                          MD5:6A4DE77DCA0312C8B7423D5D8582496D
                          SHA1:ABB43F1D33169E66746A4D29D748E701182DAE10
                          SHA-256:95ED0CF3FCBA9143FC97357DFA46EB999663A93BF44EE194BCB2A65594744BCF
                          SHA-512:C93475912C7110D21A4EA87B1AAA27CB80AF8952B70AAAC7AE22F68134A4B171C5081F5DAF358A596DFBBE852A109CC93E0B5FB52D29F248D32BB90CDFE7E70B
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Selecon LED Tuneable Wall Washer</name>....<ID>84UB8A87-G72J-415F-984A-3013SAC6DE3B</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....freesnel....par64....par36....floodlight....-->.....<basetype>floodlight</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="60" max="60"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="80" max="80"></angle> angle range in degrees -->....<power min="260" max="500"></power> light wattage, this is power per light if it is a striplight-->....<shape>2</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></c

                          C:\Program Files\Ortelia Curator\Lights\ellipsoidalFixedFL.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1306
                          Entropy (8bit):5.081412824088448
                          Encrypted:false
                          SSDEEP:
                          MD5:9D70EDBDCF3BBA0020FB895718EDA5BF
                          SHA1:7DB25E5DDC03B109647D54D8EAF9E974DE98932B
                          SHA-256:97A406A9311F58366DE2B7055285B39E1246CFF9ED947325E421460DA3FC5D36
                          SHA-512:4B0375CB917FD82C231E7B192473352F9999E8F011939AEBE77D753213E7BE05E216242528F9FB76BCF7BC4F25A329B72618FBC80787BFDE31C53EB4E81002EE
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Ellipsoidal Fixed Focal length</name>....<ID>F1E2C31E-4485-4F4D-995B-4766306D9ED6</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....freesnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="95" max="95"></focus>. focus range, 0 = max blur, 100 = hard edge -->....<angle min="5" max="50"></angle> angle range in degrees -->....<power min="500" max="2000"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour

                          C:\Program Files\Ortelia Curator\Lights\ellipsoidalZoom.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1303
                          Entropy (8bit):5.0843047052230546
                          Encrypted:false
                          SSDEEP:
                          MD5:B563034507DDC32865E94B79B2ABCEF2
                          SHA1:FF6E33DB68C873F18120E7D15310E691AF350AFB
                          SHA-256:CA4AD9839794BB73AE54F580653E8BB3DE6F5A8F8B7AAC37DCB447C163BA9383
                          SHA-512:437BFFC2CAB85216B617ADBB4359150524B2E5816E044F74E6183AF9E704A0B044F8E2F0F569AEEB581563E7DFC394B4A723ED3E9A37F9D487F7AC43A8CCF62B
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Ellpsoidal Zoom</name>....<ID>782315B0-375F-450A-B83A-ED2ABF2830A5</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>ellipsoidalzoomspot</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="0" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="15" max="50"></angle> angle range in degrees -->....<power min="500" max="2000"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour> <

                          C:\Program Files\Ortelia Curator\Lights\fresnel.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1283
                          Entropy (8bit):5.084874118213131
                          Encrypted:false
                          SSDEEP:
                          MD5:099FE5C431126B7E4B9016EFDA246994
                          SHA1:E2E88FDB2BB31975764CBED9DC3393B2E79F39F0
                          SHA-256:0C0F947D07F723F7E9EFF58057CBFF18BCD04441A000DF3F3AD5F446C4C98FCA
                          SHA-512:911ADC258AFBB54F1969D3B649846A2C170D0DE4F15729BCF72D90184570C61A7AA21F7E195CF94A53580C2BBF0F1337A1B23185F9234815470C30C211075002
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Fresnel</name>....<ID>77EF631F-CE48-4782-86C1-DB282AD2CB46</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....fresnel....par64....par36....floodlight....-->.....<basetype>fresnel</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="800" max="80"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="15" max="70"></angle> angle range in degrees -->....<power min="100" max="500"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>1</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour> default colour,

                          C:\Program Files\Ortelia Curator\Lights\scoop.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1283
                          Entropy (8bit):5.099688935256932
                          Encrypted:false
                          SSDEEP:
                          MD5:DE2CB56B01AB67E71BA3ACCDD1710705
                          SHA1:F61A03DD543C89DACDD707D4EACAE31A557AF838
                          SHA-256:0D267C4AB81C1015D73AACD0699CD9341812BFC881E56F5F5DDF98E1B7261A9E
                          SHA-512:B9BB28C0AC23608F157846C208486A2FB6200DE7C16DDA28A317B2DD958CE3D7DBEB9E36A0A1993FFB2216116D4971A72FC0AF9F66A16914990759FC41EC4715
                          Malicious:false
                          Reputation:unknown
                          Preview: Ortelia Interactive Light Configuration File -->....<light>...<base>....<name>Scoop</name>....<ID>88C5BEAE-BAE1-4FEE-96CD-81E86A8FE59C</ID> unique identification ID -->........ basetypes: ....planoconvex....ellipsoidalspot....ellipsoidalzoomspot....freesnel....par64....par36....floodlight....-->.....<basetype>par36</basetype> see above -this is the visual model the light will use -->....<modelscale x="1" y="1" z="1"></modelscale> model scale -->...</base>...<settings>....<focus min="100" max="100"></focus>. focus range, 0 = hard edge, 100+ = super soft edge -->....<angle min="70" max="130"></angle> angle range in degrees -->....<power min="500" max="2000"></power> light wattage, this is power per light if it is a striplight-->....<shape>0</shape> 0= circle, 1= oval, 2= square -->....<gobo>0</gobo> gobo allowed? -->....<changecolour>1</changecolour> colour gel allowed? -->....<colour r="1" g="1" b="1"></colour> default colour,

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\MonoPosixHelper.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):780288
                          Entropy (8bit):5.881376922767195
                          Encrypted:false
                          SSDEEP:
                          MD5:46927E70F6F73AA2E110AF600A59ED88
                          SHA1:C13246AAF3DCE9A8677E293AF99EA7F4EFF46215
                          SHA-256:210B5BBE9172EE7DB18C42D4B7988C0D3A12008B83E0E9A3FCEB69DD44AFF35E
                          SHA-512:0C17F3D561BC61EE1A948AAAE260B5AFB4A691C65F0FA27A6C860597C656E64EB5A45CD58180B4DD80F90B2D216C2EA7D1B4DDA2D5C9B184BAB7831B2A6F3746
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b=!..Sr..Sr..Sr...r..Sr...r..Sr...r..Sr...r..Sr.]Ps..Sr.]Vs..Sr.]Ws..Srm..r..Sr..Rr..Sr.]Ws..Sr.]Ss..Sr.].r..Sr.]Qs..SrRich..Sr........PE..d....y.^.........." .....R..........TH.......................................p............`.........................................p5......0...(....@..<........d...........P..8.......8...............................................0............................text....Q.......R.................. ..`.rdata..c....p.......V..............@..@.data...!3...P.......4..............@....pdata...o.......p...F..............@..@.idata..8...........................@..@.gfids....... ......................@..@.00cfg.......0......................@..@.rsrc...<....@......................@..@.reloc..k....P......................@..B................................................................................................................

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):4958152
                          Entropy (8bit):6.349091284992178
                          Encrypted:false
                          SSDEEP:
                          MD5:F31F7861D56B642547233CD7C020E687
                          SHA1:7160D16753D37C3887BFBB62042AA07297081AB2
                          SHA-256:0E0F8EFC84BAEB98D4C7668189988D4F21133FC30543ABD816898C82520E70AD
                          SHA-512:D82574D6F3EC2F70BE76359F88FFA796481F18C83309DDB48B0CA5A4EF542BE7DA45FEE9C948D6EDB075F5282025C165737979D8E0E16B059CD100BAA0E58EFC
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........4..^U..^U..^U......KU......U......nU....0.WU..e...VU..e...JU..e...JU..'._U..<.KU..^U..gT......_U......U......_U......_U......_U..Rich^U..........................PE..d...,y.^.........." .....z8...=......g1.......................................v......gL...`..........................................HH.X.....H......pv......0t.. ....K.......v..-.. 6E.T............................6E...............8..............................text....y8......z8................. ..`.rdata..X.....8......~8.............@..@.data...@.+.. I..<....I.............@....pdata... ...0t.."...<I.............@..@.gfids..t....`v......^K.............@..@.rsrc........pv......`K.............@..@.reloc...-....v......bK.............@..B................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\machine.config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text, with very long lines (541)
                          Category:dropped
                          Size (bytes):29116
                          Entropy (8bit):5.313867952483807
                          Encrypted:false
                          SSDEEP:
                          MD5:CAD24142ABBA464DD90777C3D347EF88
                          SHA1:D8DB7111FCE5A08D8B7C9A6E1E0AD2FBF34CFE12
                          SHA-256:EDC5BCF685D930A607BC097927260A3F9AC7F52DD809DB68158298BFD934B7CE
                          SHA-512:5D3EE2EE7921C95CC30790AE670FCADCF091D4FA1B9B5E1B9C7500C67230ABE25467236ED160C51AA662E764CCEA10E4955887359A65B09432B727ABF27F8454
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>...<section name="configProtectedData" type="System.Configuration.ProtectedConfigurationSection, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="appSettings" type="System.Configuration.AppSettingsSection, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="connectionStrings" type="System.Configuration.ConnectionStringsSection, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="mscorlib" type="System.Configuration.IgnoreSection, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/>...<section name="runtime" type="System.Configuration.IgnoreSection, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/>...<section name="assembl

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\settings.map

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text
                          Category:dropped
                          Size (bytes):2622
                          Entropy (8bit):4.78094917042716
                          Encrypted:false
                          SSDEEP:
                          MD5:22C818A23169E12BD3C8587B6394C731
                          SHA1:DD2BE2DBCCD34736719301AEE92429D4258EA5A0
                          SHA-256:49C6160F9D54AF4270A3B4E997FC4A8301F79B9E2070118FA46DDBCBBC44F9A2
                          SHA-512:C1352E817E01277413A1790A94A4F979DC1B8333874FEF28D735441C034C97BF8CE501FD9CD04C47D25541A0C1D54FCD4DD3BEE9AC3E8FBDE83ADA9A1D2662D7
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8" ?>.<settingsMap>. <map sectionType="System.Web.Configuration.MembershipSection, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a". mapperType="Mono.Web.Util.MembershipSectionMapper, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a". platform="Unix">.. The 'what' tag specifies which region of the section to modify. The 'value' attribute value is mapper-specific and is not defined here. It can be. any expression understood by the mapper to designate the section region to modify.. -->. <what value="providers">. 'what' can contain any number of occurrences of any three elements:. replace - replace the designated region.. add - add a new entry to the region.. clear - clear the region.. remove - remove the designatedregion.. The attributes to any of the above are freeform and are not processed by the mapper manage

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\2.0\web.config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text
                          Category:dropped
                          Size (bytes):11686
                          Entropy (8bit):5.27854139529115
                          Encrypted:false
                          SSDEEP:
                          MD5:2B6303C4F12762B71051DB6E947F90A4
                          SHA1:A4D7E05516F63D6AB67327B299D4FB2852CB840B
                          SHA-256:3C1A76A5849074B437D297656A208A3BEF6D84B982153542B9C797046C601DFC
                          SHA-512:80F5DA60654E1851EF21526E434B32D94E18883A08BACBBAA0E1F85B80469C46510B6DDB9B429F16CC4BE89C6F2BB2627BBAE9CB1D0C7E45B665EFB7721C6D86
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>...<system.web>...<monoSettings>....<compilersCompatibility>.....<compiler language="c#;cs;csharp" extension=".cs" compilerOptions="/nowarn:0169"...... type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />....</compilersCompatibility>...</monoSettings>......<authorization>....<allow users="*" />...</authorization>...<httpHandlers>....<add verb="*" path="Trace.axd" type="System.Web.Handlers.TraceHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />....<add verb="*" path="UrlRouting.axd" type="System.Web.HttpForbiddenHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />....<add verb="*" path="*.aspx" type="System.Web.UI.PageHandlerFactory, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />....<add verb="*" path="*.asmx" validate="false" type="System.Web.Services.P

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\Browsers\Compat.browser

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:exported SGML document, ASCII text, with CRLF, LF line terminators
                          Category:dropped
                          Size (bytes):1605
                          Entropy (8bit):4.863785513987257
                          Encrypted:false
                          SSDEEP:
                          MD5:0D831C1264B5B32A39FA347DE368FE48
                          SHA1:187DFF516F9448E63EA5078190B3347922C4B3EB
                          SHA-256:8A1082057AC5681DCD4E9C227ED7FB8EB42AC1618963B5DE3B65739DD77E2741
                          SHA-512:4B7549EDA1F8ED2C4533D056B62CA5030445393F9C6003E5EE47301FF7F44B4BD5022B74D54F571AA890B6E4593C6EDED1A881500AC5BA2A720DC0FF280300AF
                          Malicious:false
                          Reputation:unknown
                          Preview: .. This file defines some of the browsers that Microsoft's implementation provides in.. <windir>\Microsoft.NET\Framework\<ver>\CONFIG\Browsers\*.browser....It is not derived from any file distributed with Microsoft's implementation. Since..we can't distribute MS's browser files, we use browscap.ini to determine ..browser capabilities. Then, if and only if the application contains App_Browser/*.browser..files and we are using .NET 2.0 or higher, we supplement the capabilities with the ..information in those files and the files in this directory. The primary goal of this file..is provide browser definitions that might be referenced in App_Browser/*.browser files...-->..<browsers>.. <defaultBrowser id="Default">.. </defaultBrowser>. <browser id="Default">. <identification>. .<userAgent match="." />. </identification>.. </browser>.. <browser id="IE6to9" parentID="Default">. <identification>. <capability name="majorver" match="^[6-9]" />. <capability

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\DefaultWsdlHelpGenerator.aspx

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:HTML document, ASCII text
                          Category:dropped
                          Size (bytes):60575
                          Entropy (8bit):5.321221476406548
                          Encrypted:false
                          SSDEEP:
                          MD5:F7BE9F1841FF92F9D4040AED832E0C79
                          SHA1:B3E4B508AAB3CF201C06892713B43DDB0C43B7AE
                          SHA-256:751861040B69EA63A3827507B7C8DA9C7F549DC181C1C8AF4B7CA78CC97D710A
                          SHA-512:380E97F7C17EE0FDF6177ED65F6E30DE662A33A8A727D9F1874E9F26BD573434C3DEDD655B47A21B998D32AAA72A0566DF37E901FD6C618854039D5E0CBEF3F5
                          Malicious:false
                          Reputation:unknown
                          Preview:<%--.//.// DefaultWsdlHelpGenerator.aspx: .//.// Author:.// Lluis Sanchez Gual (lluis@ximian.com).//.// (C) 2003 Ximian, Inc. http://www.ximian.com.//.--%>..<%@ Import Namespace="System.Collections" %>.<%@ Import Namespace="System.Collections.Generic" %>.<%@ Import Namespace="System.IO" %>.<%@ Import Namespace="System.Xml.Serialization" %>.<%@ Import Namespace="System.Xml" %>.<%@ Import Namespace="System.Xml.Schema" %>.<%@ Import Namespace="System.Web.Services" %>.<%@ Import Namespace="System.Web.Services.Description" %>.<%@ Import Namespace="System.Web.Services.Configuration" %>.<%@ Import Namespace="System.Web.Configuration" %>.<%@ Import Namespace="System" %>.<%@ Import Namespace="System.Net" %>.<%@ Import Namespace="System.Globalization" %>.<%@ Import Namespace="System.Resources" %>.<%@ Import Namespace="System.Diagnostics" %>.<%@ Import Namespace="System.CodeDom" %>.<%@ Import Namespace="System.CodeDom.Compiler" %>.<%@ Import Namespace="Microsoft.CSharp" %>.<%@ Import Namespace

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\machine.config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text, with very long lines (541)
                          Category:dropped
                          Size (bytes):33648
                          Entropy (8bit):5.299757552530004
                          Encrypted:false
                          SSDEEP:
                          MD5:24C866CE8037FCDCA2287234EDDFF637
                          SHA1:9245BEFCD116458E9619694F1A785C50FA61B58E
                          SHA-256:6919D5AF506AAE0D93E91BD83418A81895A5554B9F54CF94AAD20D025A4DB664
                          SHA-512:F9960B5D5E7DB35FE4A492DBBA1F90CD0F0F0C4D84349BAF33DE3A941DE57CFFDEC670B5BE9862306503F7B5D57A697208921E7099CEA13D4DAF3310840FF4D2
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>...<section name="configProtectedData" type="System.Configuration.ProtectedConfigurationSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="appSettings" type="System.Configuration.AppSettingsSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="connectionStrings" type="System.Configuration.ConnectionStringsSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="mscorlib" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/>...<section name="runtime" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/>...<section name="assembl

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.0\web.config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text
                          Category:dropped
                          Size (bytes):18848
                          Entropy (8bit):5.260368668573945
                          Encrypted:false
                          SSDEEP:
                          MD5:B127480EE9F0B8DAB6A3F73AD79DD332
                          SHA1:7D776D730CBD253564713F36573DD8366782788C
                          SHA-256:F1A6416EEEDD9D040387FD85DCF7D6E074B6644C6829D08BE220FF9FC32EFB31
                          SHA-512:00DDCA43AD38127CF71477810C46617FC2CCDC33F197E26BA761151107EFF701FEC2CAA51E43575FB5B4FBC11F640F525BA70B6B3E97811CECABC63773492401
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <system.codedom>. <compilers>. <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">. <providerOption name="CompilerVersion" value="v4.0"/>. <providerOption name="WarnAsError" value="false"/>. </compiler>. <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">. <providerOption name="CompilerVersion" value="v4.0"/>. <providerOption name="OptionInfer" value="true"/>. <providerOption name="WarnAsError" value="false"/>. </compiler>. </compilers>. </system.codedom>...<system.web>...<monoSettings>....<compilersCompatibility>....

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\machine.config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text, with very long lines (541)
                          Category:dropped
                          Size (bytes):34106
                          Entropy (8bit):5.2977138108535575
                          Encrypted:false
                          SSDEEP:
                          MD5:0869544722561F5AFF0EEFC83FC7B001
                          SHA1:1E118F4B5C1C6A7B1858E3FCCB1B1D1095561976
                          SHA-256:EF9B9387168FD1DD6C996F96C134D9C44F8EB06F9587004BF997252A520182D6
                          SHA-512:CED7C9A5363CABDB87B01ED6B4CA190A690640DDDF5CBCC0438ACDC611A8EE942CB6CD73C78D3FC2D59F70171F22AC832A10B1E23758DC92599EE24ACD978AC2
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>...<configSections>...<section name="configProtectedData" type="System.Configuration.ProtectedConfigurationSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="appSettings" type="System.Configuration.AppSettingsSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="connectionStrings" type="System.Configuration.ConnectionStringsSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />...<section name="mscorlib" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/>...<section name="runtime" type="System.Configuration.IgnoreSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowLocation="false"/>...<section name="assembl

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\settings.map

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text
                          Category:dropped
                          Size (bytes):2622
                          Entropy (8bit):4.78094917042716
                          Encrypted:false
                          SSDEEP:
                          MD5:BA17ADE8A8E3EE221377534C8136F617
                          SHA1:8E17E2AEC423A8E6FB43E8CBE6215040217BB8A3
                          SHA-256:CE1DB1AD8A9512073164E3ECCDC193F7EDA036E1A9733CAEC4635DE21B2865C8
                          SHA-512:C18BCBCBD4B9A20A72B1A934D70DB1EAFEF047F34F3BA2C6357D8E3AFED07ECAAB861E5571CEB58C22D4D3E5EBB34B51E366A0553C3153FBC263D1D80472E297
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8" ?>.<settingsMap>. <map sectionType="System.Web.Configuration.MembershipSection, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a". mapperType="Mono.Web.Util.MembershipSectionMapper, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a". platform="Unix">.. The 'what' tag specifies which region of the section to modify. The 'value' attribute value is mapper-specific and is not defined here. It can be. any expression understood by the mapper to designate the section region to modify.. -->. <what value="providers">. 'what' can contain any number of occurrences of any three elements:. replace - replace the designated region.. add - add a new entry to the region.. clear - clear the region.. remove - remove the designatedregion.. The attributes to any of the above are freeform and are not processed by the mapper manage

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\4.5\web.config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text
                          Category:dropped
                          Size (bytes):18857
                          Entropy (8bit):5.261053882140244
                          Encrypted:false
                          SSDEEP:
                          MD5:08101241B15B53EF0AB908F6D388881F
                          SHA1:EA3E2AD6D71D483C54B12852DCBDCD0BAA569988
                          SHA-256:15A2C7A9242BF54D3CCB3E07FA6D8F84BA8B303D8877243787A1103009941BDB
                          SHA-512:A1EE7F17BB069AC42483D1F98CA839FF1BD06F3FC15CD379DFF4ACA3732A5DAC24DC17E15ACC8F8FA39E60E186219F4FD70664F9EA284002274A4FF8609791ED
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <system.codedom>. <compilers>. <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">. <providerOption name="CompilerVersion" value="v4.0"/>. <providerOption name="WarnAsError" value="false"/>. </compiler>. <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">. <providerOption name="CompilerVersion" value="v4.0"/>. <providerOption name="OptionInfer" value="true"/>. <providerOption name="WarnAsError" value="false"/>. </compiler>. </compilers>. </system.codedom>...<system.web>...<monoSettings>....<compilersCompatibility>....

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\browscap.ini

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):311984
                          Entropy (8bit):5.426486634209472
                          Encrypted:false
                          SSDEEP:
                          MD5:378BE809DF7D15AAC75A175693E25FBB
                          SHA1:2D5454E161DE8A5B65910F27BD70D9D0AD8FA476
                          SHA-256:4DDD50F31FB968F30BEDEFC253A46DC3F2890192D05CDAA9E0A64A056EEE807E
                          SHA-512:D0D181E806CBD2C016EB0A8786F7D9DB877463EAAC0195DB4E891BE111C9ED87491A1ABCFA0D9ED7C2743E004E1F4A3F4789333D0B535E63358C672AE833C363
                          Malicious:false
                          Reputation:unknown
                          Preview:;;; Provided courtesy of http://browsers.garykeith.com.;;; Created on Wednesday, June 17, 2009 at 6:30 AM GMT..[GJK_Browscap_Version].Version=4476.Released=Wed, 17 Jun 2009 06:30:21 -0000..;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; DefaultProperties..[DefaultProperties].Browser=DefaultProperties.Version=0.MajorVer=0.MinorVer=0.Platform=unknown.Alpha=false.Beta=false.Win16=false.Win32=false.Win64=false.Frames=false.IFrames=false.Tables=false.Cookies=false.BackgroundSounds=false.CDF=false.VBScript=false.JavaApplets=false.JavaScript=false.ActiveXControls=false.isBanned=false.isMobileDevice=false.isSyndicationReader=false.Crawler=false.CssVersion=0.supportsCSS=false.AOL=false.aolVersion=0.ECMAScriptVersion=0.0.W3CDOMVersion=0.0..;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Ask..[Ask].Parent=DefaultProperties.Browser=Ask.Frames=true.Tables=true.Crawler=true..[Mozilla/?.0 (compatible; Ask Jeeves/Teoma*)].Parent=Ask.Browser=Teoma..[Mozilla/2.0 (compatible; Ask Jeeves)].Parent=Ask.Browser=AskJeeves.

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):3276
                          Entropy (8bit):4.8868874436566525
                          Encrypted:false
                          SSDEEP:
                          MD5:D9BC824737177AF5792846F26507231C
                          SHA1:C44835E4881D95A97B597BEBFF5DEBA0233A5887
                          SHA-256:60099CF91BB1A5717FC1F2D23CF36A61D3BFB70D9489FBB6F4BAE98C560BF3D5
                          SHA-512:F9558F9E985643D8205B5534998412A5896BB6F5712BCE5D6CF27469200EED64F29EFC01936AB00C4A93625B0FC573036FBA00BA2C4EB1D1D7C47555608F11E8
                          Malicious:false
                          Reputation:unknown
                          Preview:<configuration>..<dllmap dll="i:cygwin1.dll" target="libc.dylib" os="!windows" />..<dllmap dll="libc" target="libc.dylib" os="!windows"/>..<dllmap dll="intl" target="libintl.dylib" os="!windows"/>..<dllmap dll="intl" name="bind_textdomain_codeset" target="libc.dylib" os="solaris"/>..<dllmap dll="libintl" name="bind_textdomain_codeset" target="libc.dylib" os="solaris"/>..<dllmap dll="libintl" target="libintl.dylib" os="!windows"/>..<dllmap dll="i:libxslt.dll" target="libxslt.dylib" os="!windows"/>..<dllmap dll="i:odbc32.dll" target="libodbc.dylib" os="!windows"/>..<dllmap dll="i:odbc32.dll" target="libiodbc.dylib" os="osx"/>..<dllmap dll="oci" target="libclntsh.dylib" os="!windows"/>..<dllmap dll="db2cli" target="libdb2_36.dylib" os="!windows"/>..<dllmap dll="MonoPosixHelper" target="libMonoPosixHelper.dylib" os="!windows" />..<dllmap dll="libmono-btls-shared" target="libmono-btls-shared.dylib" os="!windows" />..<dllmap dll="i:msvcrt" target="libc.dylib" os="!windows"/>..<dllmap dll="i:

                          C:\Program Files\Ortelia Curator\MonoBleedingEdge\etc\mono\mconfig\config.xml

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XML 1.0 document, ASCII text, with very long lines (334)
                          Category:dropped
                          Size (bytes):25817
                          Entropy (8bit):5.166379989535013
                          Encrypted:false
                          SSDEEP:
                          MD5:F34B330F20DCE1BDCCE9058FCA287099
                          SHA1:936520D5BB5C00A1985D7A4C4F0EF763A9031862
                          SHA-256:0C56E34C69124510FA8C19E7B4C2CA6C1C4FF460AE19F798DD0CA035809E396D
                          SHA-512:D6D4A8321EB44C117755A41A2590296BE86A0568D27A5347F9D7F32F2D151D8F7E169675C83FAED2DAB5AD0F8D81858F8CD1167E439CD4BFF7E68C243E3544FD
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.<mconfig>. <configuration>. <handlers>. <handler section="feature" .. type="Mono.MonoConfig.FeatureNodeHandler, mconfig, Version=0.1.0.0, Culture=neutral, PublicKeyToken=null".. storageType="System.Collections.Generic.Dictionary`2[[System.String, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[Mono.MonoConfig.FeatureNode, mconfig, Version=0.1.0.0, Culture=neutral, PublicKeyToken=null]], mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>. <handler section="configBlock".. type="Mono.MonoConfig.ConfigBlockNodeHandler, mconfig, Version=0.1.0.0, Culture=neutral, PublicKeyToken=null".. storageType="System.Collections.Generic.Dictionary`2[[System.String, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[Mono.MonoConfig.ConfigBlockBlock, mconfig, Version=0.1.0.0, Culture=neutral, PublicKeyToken=null]], mscorlib, Version=2.0.0.0, Cult

                          C:\Program Files\Ortelia Curator\Ortelia Curator.url

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:MS Windows 95 Internet shortcut text (URL=<https://ortelia.com/>), ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):46
                          Entropy (8bit):4.465495989468814
                          Encrypted:false
                          SSDEEP:
                          MD5:AA413DBE127CBE197191AAE3590B1AFE
                          SHA1:4D470AB8D38635CEFE463FD9B04EEFCDB73136B3
                          SHA-256:BFCCE1759243A72EC209375D5C9A208BC3DE08900FC3EA5D861889C1066F05E4
                          SHA-512:BEF488CA0BB416295985975F9C29CAB857A4819C7B652B3185F3D26C42DC45E538B5EE2E642997F853513F289AF056B9C4EC0472DB2BC70DCD7F3108CEF52FCF
                          Malicious:false
                          Reputation:unknown
                          Preview:[InternetShortcut]..URL=https://ortelia.com/..

                          C:\Program Files\Ortelia Curator\OrteliaCurator.exe

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):650752
                          Entropy (8bit):3.375913861301305
                          Encrypted:false
                          SSDEEP:
                          MD5:F42024F641F5FA36B4EC8B7646CD737F
                          SHA1:38D0933B5A0AB5A66BD3B9C13518C8F0EEEED5BA
                          SHA-256:E1A6EBC1DF855FAA253E4C52FC7CD8455866D1ABCD88D0C09C8EAC441F878602
                          SHA-512:D6EACD342CAB364A547066A91269C84CB780062DF44125116BB11CD7A3F62D2FBC45B9A3276CECD1DF772E7457875BC021A2F6276475256B3BC471A0E0602EAD
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........ty...*...*...*..+...*..+...*..+?..*..+...*..+...*..+...*..+...*6..+...*...*...*6..+...*6..+...*6..*...*6..+...*Rich...*................PE..d......^.........."..........^......`..........@.............................0............`..........................................1.......1..<....p......`............... ......p"..T............................".................. ............................text...p........................... ..`.rdata.............................@..@.data........@.......,..............@....pdata.......`.......6..............@..@.rsrc.......p.......D..............@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\AGM.EdgeDetection.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):7680
                          Entropy (8bit):4.5124951932587205
                          Encrypted:false
                          SSDEEP:
                          MD5:5BC9CF8E8DE058009DA4A6359C8BB393
                          SHA1:CAED7FB89B1E764E4A7063C8BEF4FA9FB6C50299
                          SHA-256:76003F3AFC482479B9012CF96CF996923048F9D0B2594783BF9FD909437FB493
                          SHA-512:6A8E9C493255D9542DDEFB236ACB9B7C8F66D2238225B1DCA476F7E52888316980FC47B809F838DEA35FB0E7B91737936775309E0DD2530882A4C7AB256CDA79
                          Malicious:false
                          Antivirus:
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.............65... ...@....... ....................................@..................................4..O....@.......................`......h3..8............................................ ............... ..H............text...<.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................5......H........#...............................................................0...........s....%.}....}.....s....%"...?}....}.....s....%"...?}....}.....s....%"..L>}....}.....s....%"...?}....}.....s....%"...?}....}.....s....%"....}....}.....s....%(....}....}.....s....%(....}....}.....(....*....0...........(..........(....,.*.o....r...p(....o........(.........{....(.....(.........{....(....(.....o....r%..p.{.....{...."...?.{....s....o.....o....r?..p.(.........{....(....o.....o....rO

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Accessibility.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):4.537166286355877
                          Encrypted:false
                          SSDEEP:
                          MD5:63C434B864FF270CE9FEF43917DC8621
                          SHA1:BD0A92569B2A14F52BEA0DC52FAE7238332C3B8C
                          SHA-256:C36813BDF03FBAD922E6558756C3CC2956E6F74457003947FA4E91952445E19F
                          SHA-512:0770253B619A3F5B8154AACEB924E7C97FABCBC33A84DB636662C3F8D24AC0967BA479745DF6CC0E0B8E38483D2C93164540EB55AE3ADD512675360E88B125D3
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w............." ..0..(..........fG... ...`....... ....................................@..................................G..O....`..............................hF..8............................................ ............... ..H............text...l'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc..............................@..B................HG......H.......P ...%...................E......................................BSJB............v4.0.30319......l... ...#~......4...#Strings............#US.........#GUID...........#Blob...........W..........3................)...............).............................{.........F.*.........n...........:.........................................$.....Z.=.....=...x.............=...........=.....\.....\...X.\...#.........................]...............*.......t.....*...V...L.V...L.V.@.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp-firstpass.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):562176
                          Entropy (8bit):5.974241730722783
                          Encrypted:false
                          SSDEEP:
                          MD5:87EACE688BD426B3E32D3F2F2C6F8B10
                          SHA1:316A754EC21CADEBC16598007A55EC4E64451FC9
                          SHA-256:7AA2C4846293FD9EB01C51B69A630161C9FDCC8D54D33099D794CEEB80E87AAE
                          SHA-512:1A5BCB7B7BD071B450699574C81C16140FE73E6EAE470C9808D19757C02054E301AA78322EEC0409F5F156B98DC10D7856B6D9CF3277E42EDEFD822E3777A020
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.................. ........... ....................................@................................._...O......................................8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......@N...Z............................................................{(...*..{)...*V.(*.....}(.....})...*...0..;........u......,/(+....{(....{(...o,...,.(-....{)....{)...o....*.*. .f.. )UU.Z(+....{(...o/...X )UU.Z(-....{)...o0...X*.0...........r...p......%..{(....................-.q.............-.&.+.......o1....%..{)....................-.q.............-.&.+.......o1....(2...*..*..{....*>..}......(....*..{....*"..}....*..{....*>..}......(....*..{....*"..}....*....0..p...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Assembly-CSharp.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):2696192
                          Entropy (8bit):5.880107512513915
                          Encrypted:false
                          SSDEEP:
                          MD5:3A3C7B0C6D14D4E0421B1926EE17632A
                          SHA1:66587D0FDE1FD28C13F27FC5E9C1A649A1D8A65D
                          SHA-256:CF645909854666AFEC91F795B72D5DF4F471FAD2934E80096359CA3093E6FB06
                          SHA-512:41CFD5F658CD337C0E724F94160B1FD14826A62AAB71D61503A85568626F7E573A5BBD242F332CD3B976E9963996723CFEA0A31F292B31776DF991959A54BC1E
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0...)...........).. ...@)...... ........................)...........@...................................).O....@)......................`).......).8............................................ ............... ..H............text.....).. ....)................. ..`.rsrc........@).......).............@..@.reloc.......`)......").............@..B..................).....H.......d3................................................................*..0..H........./.......1.....".......".......(2.........(3.....(......(4...,."....*.*.0..(.............(2........(3...~5....(......(4...*.0............(2............,"............i(6.....~....-...(7...../.......1.......(3.....i...(.......(4....,..~5...(8...,..(....&.*...X(...+.,....+..P...X.........X.....2...P..(:....(....&....*....0............(2............,"............i(6.....~....-...(7...../.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Autodesk.Fbx.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):344576
                          Entropy (8bit):5.847747175528874
                          Encrypted:false
                          SSDEEP:
                          MD5:72A5C877E64AE65A9D08C1B802E8874B
                          SHA1:6D718FDEB9EFC4D59289BE5232FD3CAE72607EDB
                          SHA-256:B98B797621E1D550F95E567F4680C86EAD17F03B4A970DE65418AB3515017B30
                          SHA-512:0DF1AAC440B22832521783B130A7EF0B7BDCAF8AB5BB4C14908CC63A427A42A60C5A9A061D3D5728C0CEDF08750EA5AB7874A351CD699A488B4F12B889D288CE
                          Malicious:false
                          Antivirus:
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..:...........X... ...`....... ....................................@.................................3X..O....`...............................V..8............................................ ............... ..H............text....8... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............@..............@..B................gX......H........9..............................................................n..(T....(.......s....}....*r..(+...-..{....*.~....s....*....0...........o.......(.....*.................0..g..............(.....|....(....~....(....,+.{(...,...}(....{....(......~....s....}.....(.....(.......,..(.....*.........X\......6.(.....(....*...(....(.....(....(....,.(....z*B....(.....(....*n.{......(....(....,.(....z*f.{....(....(....,.(....z*f.{....(....(....,.(....z*~.{....(.....s....(....,.(..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\BakeryRuntimeAssembly.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):21504
                          Entropy (8bit):5.571622303714988
                          Encrypted:false
                          SSDEEP:
                          MD5:E6A45004E5D63EB9FDD58F254CD3BB3C
                          SHA1:C0DBB84061D109118D6E635D25FF9372E2C0C0FC
                          SHA-256:EEFBD8329F229DF4F6DEE73689F38A012D9F1ECAF96F95E501F5493C9FAB8580
                          SHA-512:28D6CE1A57A106A7BEF9E64960697583DF99656BF2893C44A594216C4F5FEE95DA6705ED657AB2B345A66EEF1E0222E9ACE0E09C8227317787ADCD99231B79DD
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..L...........k... ........... ....................................@.................................ok..O....................................i..8............................................ ............... ..H............text....K... ...L.................. ..`.rsrc................N..............@..@.reloc...............R..............@..B.................k......H........:..@/............................................................(....*.0..X........(....}....."...?}....."..#<}.......}......}....."...?}....."..#<}....."..#<}.....(....*.*...0..9.......(....(.....(....o...+...(....,..o.......(.....{....(....*....0..c........(....}....."...?}....."...B}..... ....}.......}......}......}......}....."...?}.......}.....(....*..0..:..........(....}.......{5...} ......{3...}.......{?......}$......{7...}'......{@...}!......{A...}"......{B.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.Native.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):278016
                          Entropy (8bit):5.862793085335642
                          Encrypted:false
                          SSDEEP:
                          MD5:2657B10F3193DA16B40E79E79218D793
                          SHA1:532924F0021B146096CFE36255137F4317291CD8
                          SHA-256:575B34F23318AF1DA14013CADAF44C6207AA9D20BCB4EA87650C0278FBEB608E
                          SHA-512:8B6CA5DFA101992E37C600A688DBD058B81A546FA86C3923354F8AE7DE4AB9C898DA49906BDB0D6326CD29A3736A0A3DBD1BC82F5FA3DCF6CFFBCBE97C44B4B9
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c..]...........!.....6..........>U... ...`....... ....................................@..................................T..K....`..X............................S............................................... ............... ..H............text...D5... ...6.................. ..`.rsrc...X....`.......8..............@..@.reloc...............<..............@..B................ U......H............u............................................................{....*.0..v........s....}......s....}.....s....}.....s....}.....s....}......}.....(.....-.r...ps....z.-.rC..ps....z.o......}......}....*f..}.....{....o.....o....*..{.....3..{....o....o....*.{.....3..{....o....o....*"..(....*..{....o.....1...{....o..... ....*... ....*..{....o.....1...{....o .... ....*... ....*F.{....o....o!...*...0...........,...i,...-.ro..p......("....*..2....i2.r...p......("....*..i...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Byn.Awrtc.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):38912
                          Entropy (8bit):5.40134524448332
                          Encrypted:false
                          SSDEEP:
                          MD5:8AC468A1D02E2C739AB58D50534BAC71
                          SHA1:6B1F301CEADD1854DF1E10A08FB4DF7A71037D5D
                          SHA-256:52E3D0413891BA080D38419B688C1D26D3E51EA52A48454D646F34D2AEF892B3
                          SHA-512:4654C67F084571766B95EFBD65C865B3FE6CB8FC22B114FE4B2D31D12709F8FD922BE9664232A676A50696EB59B034D7E8B658EFC5F14F7131756544BAE755BB
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b..]...........!.................... ........... ....................................@.....................................S...................................`................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........J...b...........................................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*..{....*..{....*..{....*"..}....*...0..h........s....}......}......}.....s....}.....(.....,:..}......o....}.....{....o....,.r...p..$......~......(....*>..}......}....*.0...........-.r...ps....z.(3....{......(.{....o....-.r...p.{.........(....s....z.{.....3:..}....r ..p..$......~......( .....}.....{

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\CTCommon.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):30160
                          Entropy (8bit):6.147023668323676
                          Encrypted:false
                          SSDEEP:
                          MD5:FA3DA413AA5494BC571DE2F8BF85BB0D
                          SHA1:BA8DFFAA95A559E2488624F7406355707B507451
                          SHA-256:FCD31EF253FCC46D39D9F98F59D31F1EF509FDBC55FCA0968D49321D209DEAE1
                          SHA-512:B254616B4274636FA326493CC616690E2628FB82D1EBC6E32513303BBDCB56ED07091EFD46144D9CFDC3024DDE1F37BA16CCEAC60DF4869DB534050BAE4B1150
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z.........." ..0..N...........m... ........... ...............................'....@..................................l..O....................V...............k............................................... ............... ..H............text...$M... ...N.................. ..`.rsrc................P..............@..@.reloc...............T..............@..B.................m......H.......@8..T3..........................................................Z(....o.....o....o....*..0..-..........o............,....o....o.........o.......*^.-.r...ps....z...o....*v.-.r...ps....z...o..........*..0..O.......sZ......}W....{W...-.r...ps....z.(....,..*..:...%.......o.......[...s....(...+*..0..O.......s\......}X....{X...-.r...ps....z.(....,..*..:...%.......o.......]...s....(...+*..0..K........,...-.r...ps....z..i.+.~.....%.Y.o"....................................0.*.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\FreeImageNET.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):188928
                          Entropy (8bit):5.990341097444076
                          Encrypted:false
                          SSDEEP:
                          MD5:432255E2A0BB228F71418A1A3ECB1D71
                          SHA1:BF46432A07D25CE9D3F1E5B4E9B29F9F8267AD5D
                          SHA-256:B3B80FCD6D324067586CBCFDB8005AA199B3A8F49B2B40A7FF163CE33C3BB4E4
                          SHA-512:AAC9665A4E30345E2561FA6EB3947BE1791224FCEBC10F786EAAE5CEF18E25C212D6DE3DBB75E2D561AB58383EBCFFC4E4685F435F97D35F1149EBD2A8BFA13A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N.O...........!..................... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........................................................................0..P.........,.....,...(+...(,...j...(-......(......(-.......(....Y.....r...ps/...z.i.0...*..(1...*>...(2....(3...*.0...........(1....,...(+........(+...3...}4...+..,...(+...."...(+...3...}5......3.r...ps6...z../.r...ps7...z..}8.....}9....{4...-<.{5...-4...,...}:.....{:....(;...}<.....|<...(=...(>...}?...*.0............o@......(A....*....................0..U.........(B...,..*..(B...-...(B...-..{9....{9..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.West.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):65536
                          Entropy (8bit):4.458562059129311
                          Encrypted:false
                          SSDEEP:
                          MD5:5451644427598009786CC1CFC09C64D6
                          SHA1:F2CBF24675AC08D6234D13CE2E28B5EA62F9EF18
                          SHA-256:405304B9AE0D11E51961881EC6BEB3AB790DAAC88AA4BE246E1EE5E99C20E240
                          SHA-512:33D3730D35639B359F3A2087B2EF27CA57AAA03B88EC7D0726220C108E643D447DB741210C5E5EB5B7BC1AB2636DB311B0869089E8E72534E3131C77F5B4B844
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X...........!................. ... ... ....@.. .......................`............................................... ..O.... .......................@....................................................... ..............d ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B.................%. @...........@ ......Z ..........N ... ........................_CorDllMain.mscoree.dll.@ ........H............$...........................................................................................................................0........... .'..~....r...pr/..pr/..pr/..p.... ....(....*..n .........%.-...(.........*.0..3.............8 .....%.X..ZXI.. ....?......... ....YE........................#...........9.......D...O...Z.......e...p...{......................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\I18N.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):31744
                          Entropy (8bit):4.923223290688459
                          Encrypted:false
                          SSDEEP:
                          MD5:4F87C674A2456C93CBF9B01750E4CE23
                          SHA1:DF4970874D128C881A9B9C232AA035A9DE0D1E3B
                          SHA-256:AA451CC2823C4E93D451D36B4F00F9CACCA0424E4D51825A9F911F53C6B80276
                          SHA-512:12E4ED10D261666E7182A4100CE95A5999607C3F8BCF106F8DF0E8B614A9D2DCCCD6804E0F671F60FEF0DDF14EB72E107DAAC6433AC6D6EF9EE85634957EA704
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X...........!.....t........... ... ........@.. ....................................................................... ..O.................................................................................... ..............d ..H............text...$s... ...t.................. ..`.rsrc................v..............@..@.reloc...............z..............@..B.................%. @...........@ ......Z ..........N ... ........................_CorDllMain.mscoree.dll.@ ........H.......l@..8R..........h@...............................................................................................................0..n.........('.....i ....;....r...ps....z..}......}.......} ......}!......}"......}#......}$......}%......}&......}'...*...0..0.........;.....*~(...:.... . ........(...~)...:.... . ........)...~*...:F... ..........*...~*.....(......8....~*........X.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\ICSharpCode.SharpZipLib.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):200704
                          Entropy (8bit):5.683688089372797
                          Encrypted:false
                          SSDEEP:
                          MD5:C8164876B6F66616D68387443621510C
                          SHA1:7A9DF9C25D49690B6A3C451607D311A866B131F4
                          SHA-256:40B3D590F95191F3E33E5D00E534FA40F823D9B1BB2A9AFE05F139C4E0A3AF8D
                          SHA-512:44A6ACCC70C312A16D0E533D3287E380997C5E5D610DBEAA14B2DBB5567F2C41253B895C9817ECD96C85D286795BBE6AB35FD2352FDDD9D191669A2FB0774BC4
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.K...........!......... ......^.... ........@.. .......................@............@.....................................K............................ ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Data.Sqlite.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):166912
                          Entropy (8bit):5.907771098889238
                          Encrypted:false
                          SSDEEP:
                          MD5:C3F45469E392A105CFFE6CE007A54A61
                          SHA1:BF0EDEF3A0CB5FC35920497A108600D5625B869A
                          SHA-256:5CFD7D5E444EC8D53755D4D82220524AA455F34B87A6F740B984D50465D76D4B
                          SHA-512:D2FFF88539FE6999EA428416CC153500F9BA5C2D130888853BEC3568B1599B60D84DA40FC3B7F08D4BDE439C2D2500C720084064F92277A2EF16840A7CB83FF9
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d............" ..0.............Z.... ........... ....................................@.....................................O.......@...........................X...8............................................ ............... ..H............text...p.... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B................;.......H.......d....0..........p...h...........................................~A...*..0..)........{8........(5...t......|8.....(...+...3.*....0..)........{8........(7...t......|8.....(...+...3.*....0..)........{9........(5...t......|9.....(...+...3.*....0..)........{9........(7...t......|9.....(...+...3.*....0..)........{:........(5...t......|:.....(...+...3.*....0..)........{:........(7...t......|:.....(...+...3.*....0..)........{>........(5...t......|>.....(...+...3.*....0..)...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Posix.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):212480
                          Entropy (8bit):6.055632990000727
                          Encrypted:false
                          SSDEEP:
                          MD5:72C9EA78101C493635C0F763D1795D7A
                          SHA1:C04E331B6415BF566E1AA26550BF794651704C7C
                          SHA-256:A33ABCEFFEAA6B6D5DBD2CF77210DADDFE331ED40EEAE4CEA3C5EFB0C0DB2CC0
                          SHA-512:4DCC9495000F0CB0D93381A466F8D0553C2F9EF9521AC71979371B5EDED37A25224A861CCC101A24B0B2741D30EFB71D81D03FA00CA476BF8339C1786D9C46F2
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....o..........." ..0..6...........S... ...`....... ....................................@..................................S..O....`...............................R..8............................................ ............... ..H............text...04... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............<..............@..B.................S......H............K..................tR........................................(....*..*"..(....*..(....*:.(......}*...*..{*...*..{+...*"..}+...*..(.....-.r...ps....z.r...p(....,.r...pr...ps....z..},...*..{,...*"..},...*..*...0..;........o.....Y.Y.o......+......Xo.......X....i2.(.....o....s....*..0..H.......(.....{,...o .....o!......iXs".......o#.....+....X.X...o#.....X....i2..*..{,...*2.{,...o$...*....0...........u......-..*.{,....{,...(....*..(....*...0..x.............r/..p..(..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.Security.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):309248
                          Entropy (8bit):6.0579665809911205
                          Encrypted:false
                          SSDEEP:
                          MD5:D1B792D07B0E08EF190EB6EF5361E6F3
                          SHA1:36890188D80598132D63561DED707E641282F2A1
                          SHA-256:2B7651B398DC63AF0DBC0038758981C29238A495681A7ED487357A464AD4DE15
                          SHA-512:1229D49068401A078B81EE398524327CCDEBCD2FB6134C980D643B76F075244F2670D0773AA35027AA8B8D40AD6C29F16A223B142F3A6595C3641C32C8C31215
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...3............." ..0................. ........... ....................... ............@.................................|...O......................................8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........>...z..................P.........................................(....*..*"..(....*..(.......y...}=.....}>....(....*>..};.....}<...*....0..-.........o.......*..+...o.......Xo ......*..X...2..*N..{;....{<...s....z....0..G........~8...Z.~9....i.Y~8...(!....+.~9..........c3.. ...._*..X...Y%../. ....*..0..s........-.r...ps"...z.-.s......s.......s#........};.....}<.........s$...................o......{<....X}<....o.........3...9.....r...p(....8....r-..p...(%....._........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Mono.WebBrowser.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):166912
                          Entropy (8bit):5.900251369797621
                          Encrypted:false
                          SSDEEP:
                          MD5:AC6215E0A18A783958A39F6FD8E74057
                          SHA1:AC7CBAEC3869728B236634691C356512AF308054
                          SHA-256:7D2EB49A5120D9B1F3EB3C6501D4EED6CACF81F921FBF5C248AAB5F0D093F2EE
                          SHA-512:36EEE8F732E6E5C4664DCF77F5D1DC03DED650720624DE532CBBD4FE2214ACCBB2A08365AE2CFC8640E30F8AE1AA81532F867AD303C2798FC5288F6393A78E88
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...h............." ..0.................. ........... ....................................@.....................................O.......................................8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H...........x............................................................0..........s.....+...~+....r...p( ...o!...~+....r7..p( ...o!...~+....r...p( ...o!...~+....rT..p( ...o!...~+....r...p( ...o!...~+....r...p( ...o!...~+....rt..p( ...o!...~+....r...p( ...o!...~+....rc..p( ...o!...~+.....r...p( ...o!...~+.....rI..p( ...o!...*..{*...*f..~"...(....(#.....}*...*V...(....(#.....}*...*j..~"...(.....($.....}*...*Z...(.....($.....}*...*r~+....o%...u....r...p.(&...*:.('.....}W...*..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\MoodkieSecurity.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):11776
                          Entropy (8bit):4.723986986850651
                          Encrypted:false
                          SSDEEP:
                          MD5:5C6CBAB0334DD9AA98631AC04A5E5DC9
                          SHA1:FA6B466B3B1D76DD5BC15783748C06F8B994DEEE
                          SHA-256:3A6403562A63373DF40D44530EBE3A278628A04E71EAA2BD7D93617E9C8C5DDA
                          SHA-512:2C01F1FAE087C526C979B2FD8E85E1EBDF8615DE66255EB57C0CA329BC145D2B85F42F32A0D6495975F609CB4B3F36E9C235324973407C09E56F814A0E80724C
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!....."...........A... ...`....@.. ....................................@..................................@..K.......4............................................................................ ............... ..H............text...4!... ...".................. ..`.sdata.......`.......&..............@....rsrc...4............(..............@..@.reloc...............,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Ookii.Dialogs.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):137680
                          Entropy (8bit):6.214711307347578
                          Encrypted:false
                          SSDEEP:
                          MD5:1303DD1AD88BCB093FBAFC218CC21241
                          SHA1:2B25DE6D9E86BCE35742A01B0CBCCE7E52EE0E6D
                          SHA-256:9510C64E943D32A0F8DFFB74BC28775CBB110A2EE622226287DBEA63F9C6CB34
                          SHA-512:06ACD558987815EDD3DDEA044933CB82B149A7F33100657C244B6BA8658FC79791A10616532729FAA6AE6627A4AAE10D7301AFD0D5EE34423B1A8FBE31DA52E1
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=.I...........!................N.... ... ....@.. .......................`......4.....@.....................................O.... .......................@......`................................................ ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........V...............7..P ......................................].........aM..>..R..&.r...u.mC...2..|.J....G.=..MVjD&...1@....pn.......x.0|+@.K*.*.........s..-w.o.4>.. ^.....WG..Z...&..b..{.....(....t....}....*b..{.....(....t....}....*b..{.....(....t....}....*b..{.....(....t....}....*b..{.....(....t....}....*b..{.....(....t....}....*"..(....*..0..C........(.....,...o.....(1.....(......(......(....(....-.. ....(....(....*B.{....%-.&~ ...*"..}....*B.{....%-.&~ ..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.XmlSerializers.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):129848
                          Entropy (8bit):4.59035674802188
                          Encrypted:false
                          SSDEEP:
                          MD5:C4727878168F82B11067E076FB466DFA
                          SHA1:9CE714CFD4733AAEF136EB661CCD6139650591A3
                          SHA-256:F57B869D005800DD6F5892BCE275E67E12D3893C704FE521FFC40B817837CC9E
                          SHA-512:77EFA3391A49CE298503376F749BA67399551433B6D988FAD2823472476AC1EEEC9291ABECE4550413070F690C315FA68129A229F4D0911BD8A1050EC3B7BF18
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......]...........!......... ......~.... ........@.. ....................... ......^.....@.................................(...S.......h...............8............................................................ ............... ..H............text........ ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PLUSManaged.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):474424
                          Entropy (8bit):6.170592951459482
                          Encrypted:false
                          SSDEEP:
                          MD5:6CA4211DEE0951AEE6B03B1A7219F2ED
                          SHA1:2EC0717ABA5975CF21E7EC3BD2BCF48D62F916F1
                          SHA-256:FAB4045360769B464E586100D5FEF3613D42FF83170EEB2076437690A98E67F7
                          SHA-512:E6F10DEAB123DE9B4539D33E3E1182C8294E2E6A89D22253EDC0067DE2FE2632C34614DFF86D88621E839494F1CD73F0C69032E7762DBDE548099765E45C385E
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R..].........." ..0..............6... ........... ..............................Ub....@..................................6..O....@..............."..8....`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......@...\............V...:............................................(....*.~....,..+..+.-# ....(I........(....o....s.........~....*.~....*.......*j(.... ....(I...~....o....*j(.... v...(I...~....o....*j(.... ....(I...~....o....*j(.... ....(I...~....o....*.~....%,..+..+.-.&(g...s....%.....*..(S...*..0..A........+/(.....o.......&...,..+..+.- ...(S...o....,.+.+..+..+..+.-..*.*....................0..C........+..+..+.-6(....,.+.+.,.+..+..+.-.. `...(I....(....(....*..(....*.*.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Photon3Unity3D.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):184320
                          Entropy (8bit):5.782081123803779
                          Encrypted:false
                          SSDEEP:
                          MD5:EF6B2933A009B20348D0BC9A7DD2D1C4
                          SHA1:BB7436A9F9E9A1EB206090D0EBFCD16038CDD9B9
                          SHA-256:33FEB2A83AC325387566F51A54FFADABA87DF91411F97DB58F18FC725AF01F5A
                          SHA-512:190A575FA4672609DC0F736F90028D1A63ACD5BCAB48B14A06077BFA819A47B66E105BBD3A244E9062B3026F2F4414D015B4C5F9590312F3A9707BF12182AC1F
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<M].........." ..0.................. ........... .......................@............@.....................................O............................ ......P................................................ ............... ..H............text...p.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H..........tE...........................................................0..S...............`.J...%....(......... .....J...%....(......... .....J...%....(.........*..(.......~....s....}...... ....(....}......(....}....*...0..A........(.......s....}.....{.....o......{.......J...o......{.....o.....*....0............{........+..*..0............{....oW....+..*....0..w.........s.......(.......oW...}....s........{....o.........,..o.......s....}.....{.....o......{.......J...o....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonChat.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):30720
                          Entropy (8bit):5.261620893547046
                          Encrypted:false
                          SSDEEP:
                          MD5:BE7BCECE8E0868CDB799433301A533CE
                          SHA1:A32AE85E5FC4171A8BBBA4526A29F183DB11299C
                          SHA-256:F639CF4E0C82100B86AACB8617E34D5BEAACE41A8D21724F88E2A91A33A5C607
                          SHA-512:52183F2483075061F8B9890697ECCA15BC5717FC45E0DBD4AF71C631A46EFC6E83FD0D40DCA55F5964BB4D783DA2B0CC77F012BBE8454B9D3BD0E4BFA0ECE504
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..p............... ........... ....................................@.................................g...O......................................8............................................ ............... ..H............text....o... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B........................H........>..(O............................................................{....*"..}....*..{....*"..}....*..(....*.s.........*..{....*"..}....*2.{....o....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..s....}.....s....}.....s....}.....(......}....*..{.....o.....{.....o......(.....(....*..{.....o.....{.....o......(.....(....*....0..K........{.....1..{....o.....{....0.*.{....o.....{....Y..{......o.....{......o....*^.{....o.....{....o....*..0..L.......s.......+-.r...p.{..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonRealtime.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):81408
                          Entropy (8bit):5.671379072499511
                          Encrypted:false
                          SSDEEP:
                          MD5:9A32B2E190A16061FC24691B68852A54
                          SHA1:DD3853AB7823BF15ED597FB8DF6DB5ECD38D3341
                          SHA-256:AC7BB4717AC024D90B5D485A371FA6B7F221FD36807F1FAB05F36BB6EC06D862
                          SHA-512:F77F0E772100FDAB96C5F560CAF5B8AEC4368FA78F72C240B9B4D882E5E2B14C027B369DD6CB7550B74D69CB374F6165DDABB30B4784CD159B86DF6B8CF3D299
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..6..........FU... ...`....... ....................................@..................................T..O....`..............................xS..8............................................ ............... ..H............text...\5... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............<..............@..B................'U......H......................................................................*.{.......*Z.{....,..{....(....*.*Z.{....,..{....(....*.*6.{..........*.r...p.(.....4....(.....4....(.....4...(....*V..}......}.....(....*..{....*"..}....*..{....*"..}....*:.{.... ......*.......*R.{....,..(....(....*.0..D........(....~....,6.(....,(.(....o<...,..(....og....(....o%...o....(....&*..(....,.*........s.....2r}..p(....}....*..(....-.*.{....(....&. ....}....*..0...........(....9.....(....o<...-.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.Utilities.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):45056
                          Entropy (8bit):5.607427175365254
                          Encrypted:false
                          SSDEEP:
                          MD5:6538CE3B9F03A249E5B3863F66F4496C
                          SHA1:B693F494585B4739FB467B253742CD2E87E78157
                          SHA-256:BBA228C546131315F12037EF9AD7D4C2B693E34AD72F2586D70A300599F69EB2
                          SHA-512:D89E6F7B8F5FE1DFA5B41D3B66F00B812FD7E34333CFC86CDA1337F5593CEFFC1CD224693607AAE07C6C0E0932409AC4FAFF681FC4FA54D3E9F94CC08CE02066
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.................. ........... ....................... ............@.....................................O...................................D...8............................................ ............... ..H............text...x.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........W..@m............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*N..{....}.....(....*...{....}.....{....,..(.....(....*....0...........(....-W(....,K......%.r...p.%. .....{....Y.R....%.r...p.%..(.....R....%.r...p.(....(....*(......{.......X.}.......s......{....9;.....(....o....{.....(....o....{....s....}......(....o ...{.....(....o ...{....s....}......|....{!....|....{"..."....s#...}......|....{!....|....{"..."....s#..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonUnityNetworking.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):93184
                          Entropy (8bit):5.59502210252838
                          Encrypted:false
                          SSDEEP:
                          MD5:EAB881FD8AF5AB5FD8382D1E3FF9E04F
                          SHA1:51BBB6CAB56673401648BE15FB0E9781CB6DDFAB
                          SHA-256:44C4D71876B2F76D5B4FE37C7313A7E796FB49573DB54EC161BA0A3B8051BBDB
                          SHA-512:7D366F91C2217BB40ED4D9924606207C90A57AA8981C073D9C8689789FB7D9A5C3F511790C4E33F276CD504F5A2361C28111A45E3F87C2964441DDE1B0842D63
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..d.............. ........... ....................................@.................................s...O.......................................8............................................ ............... ..H............text....b... ...d.................. ..`.rsrc................f..............@..@.reloc...............j..............@..B........................H...........`............................................................0...............(.....W.......s...........s....(....&.....(.....V.......s...........s....(....&.....(.....Q.......s...........s....(....&.....(.....P.......s...........s....(....&*....0..g................~..........(....~.......{........(.....{........(.....{........(..........o.......,..(.......*.........IZ.......0..u...............~..........(.....~.......o....&....|....~......(......|....~......(.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\PhotonWebSocket.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):3584
                          Entropy (8bit):2.616904527232444
                          Encrypted:false
                          SSDEEP:
                          MD5:7735F69D4E03B5EA38F980D9CE773B65
                          SHA1:58AEA57ED06D12D35975CD378F670A4B966F6839
                          SHA-256:61614F0F76DB28ED76E26284FFA8FFA41522153BBECE6F0FDE1CE526890AB0A4
                          SHA-512:EC183096C94E06306343E6F8F37C0DB293BD3C229F7787CBF974867D5F19ABC44BA70C2D6D83F312C53B72A4D3A01CC5FDB9252AD149E9E2DD616CDD31AC9C4E
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.............r$... ...@....... ....................................@..................................$..O....@.......................`......."..8............................................ ............... ..H............text...x.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................S$......H.......P ..T...........................................................BSJB............v4.0.30319......l.......#~.. .......#Strings............#US.........#GUID.......L...#Blob......................3..................................e.........'.....G...............................y.....y.....y.............".....A..............................................<Module>.mscorlib.DebuggableAttribute.CompilationRelaxationsAttribute.RuntimeCompatibilityAttribute.PhotonWebSocket.dll

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.Composition.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):256512
                          Entropy (8bit):6.007980662039102
                          Encrypted:false
                          SSDEEP:
                          MD5:A286BA1C012B3F0E0015F2206D7C4345
                          SHA1:9CFBF75AD321A8670EBF9AE4415C9E24436FFB05
                          SHA-256:9BDC792FAB55D5820BC9157258C322E447B103E4078DBCB3849FFE0A17E54F17
                          SHA-512:2D6BA24E8E85ACD949FC50067BEC3397CC7964D419AC4CCFA410A9FDCDFD4AFE878E8BAEF6D5A64288F8D232186D6D51A70653A2074F238AB5DDB05B8E8C93F4
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!..................... ........@.. .......................@............@.................................@...K............................ ......$................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................p.......H.......X....J..........._..0T.........................................>.........(....*6.(...+.(...+*N.(...+.(...+.(...+*V.(...+.o.......(....*..-..(....z*..-..(....z*.r...p(....z..s....*^.(....(.....(....(....*&...(....*^......(.....o....t....*^......(.....o....t....*2.(...+(...+*6..(...+(...+*J......(.....o....*J......(.....o....*..0..K........-...Q.*..o....,...Q.*.....(.....o....,..u......,....o....o....Q.P...*..Q.*.....o....o....%~....o....%~....~=...o....*...0..........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ComponentModel.DataAnnotations.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):84480
                          Entropy (8bit):5.43616733069775
                          Encrypted:false
                          SSDEEP:
                          MD5:B34188FA0A45B438F5CEF1362E85147C
                          SHA1:1A4FA7EC667969E2D6177E42952B03536B6BB0C1
                          SHA-256:4B2B8F7B2EEBFF970EF247EC94D271D6664514DEE62A0A97F03B03DBE589F357
                          SHA-512:12C40A7E1C61F33E8C8610C35A5A8C74E739ECD8458F0E6403508D5DEA69956904D299718889036DAF71FECF5D01236B0DC04DBC0206ACD49B4C1E6DCC1E9E84
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....X............!.....@...........^... ........@.. ....................................@..................................]..K....`...............................]............................................... ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............H..............@..B.................]......H........^......................t^.......................................*6..(....(....*...(......(....,.r...ps....z..}+...*V...(......{+...s....*..{,...*"..},...*..{-...*"..}-...*.0..E.........(......%-.&.(....(.......(....(....(.....(.....(....,...(....(....*:...(....(....*6..(....(....*...0...........(.....(....,..*..s......o.....+;.o....t......(.....o....(............,....s...........o.....o....-....u........,...o......,..o.....s....*.*........Gf.......0..=........(......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Configuration.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):124928
                          Entropy (8bit):5.752235138643036
                          Encrypted:false
                          SSDEEP:
                          MD5:D0A550F30B09AC8E5F49AD6D7DAAB4C4
                          SHA1:D502B45D880866D8608A5795033390FFDE6DF6A1
                          SHA-256:CD5793957604E1448443DA0D703F29A31100D4A7030C140121C7DDF6B2027D94
                          SHA-512:E24F1D15A5017AC034A52BB8E3466912199B45D75F0D3E4B03D3ED604BDF67F1109A75660ED22C1219973C5C6B3F33692777112FBDF14B5597EF967ECEA395DA
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$.............!..................... ........@.. .......................@............@.................................P...K............................ ......4................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........(G............................................................(....*..*"..(....*v..(.....-.r...ps....z..}*...*v..(.....-.r...ps....z..}*...*..{*...*..(....*:.(......}+...*..{+...*"..(....*.0..k.......r...p.....(....r...ps......sg....-...r...p.O...(........sg........s.....,...~,...~-...o....~,...~....o....*..(....*2.(....o....*.0..a..........(.....(....r...p(....,F.(......(....-..(....oa...(.....(......(....%.s........(....o......&..*...........C].......0..........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Core.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):1046016
                          Entropy (8bit):5.865875828120713
                          Encrypted:false
                          SSDEEP:
                          MD5:EE54CDD0260259A087442949DA49F50A
                          SHA1:49AAFC2CAEB908CCC8F8598414A317CC2CEBF9C2
                          SHA-256:D982F54622EDC2ED4637FE547B70907F589A2AE4DE4B6D604C54EE35F97DCA03
                          SHA-512:09AF08EF2C72DEA7CCF440E168A684E35BCA1EBA96D6276E8A3855BE270EE8C91B92869B415622679F6DEA95C29B096001B756D1CA7C58DFF98A3B666A9E56D4
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....U.............!..................... ........@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H............~..................p.........................................{....*..{....*V.(......}......}....*...0..;........u......,/(.....{.....{....o....,.(.....{.....{....o....*.*. .=)! )UU.Z(.....{....o....X )UU.Z(.....{....o....X*.0...........r...p......%..{.....................-.q.............-.&.+.......o.....%..{.....................-.q.............-.&.+.......o.....(....*6(......(....*&...(....*..*..*J.,.(......(....*.*6(......(....*:(.......(....*>(........(....*>.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Data.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):2081280
                          Entropy (8bit):5.859625808285469
                          Encrypted:false
                          SSDEEP:
                          MD5:50578819E23B7AD45ABE591AAC232B72
                          SHA1:41F6C5EB08CD95D404FF995710A826A5D5E52756
                          SHA-256:5D846F404B74488136627E4DF414BFF9FC24457735373B6184746B69900D00BE
                          SHA-512:CF92A686594C282209FDFC6F5A4C13518679A071E221BEE0B49B7D7D7FF3B329A016191F682F3A15C9A3FAF487382545601E9635FCEC930E360715D186234AE8
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.............!..................... ........@.. ....................... ...........@.................................D...W............................. .....(................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc........ .....................@..B........................H.......p....................m............................................{....*..{....*..{....*..{....*..(......}......}......}.......}....*....0..k........u......,_(.....{.....{....o....,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*..0..b....... ...q )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0...........r...p......%..{.....................-.q.............-.&.+.......o.....%..{.................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Design.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):282112
                          Entropy (8bit):6.042220972407717
                          Encrypted:false
                          SSDEEP:
                          MD5:CCBDC2B8C73750F2EA0F770F55CA7B36
                          SHA1:E458C170DD5E05E479F2BF283FCE813C21747F6C
                          SHA-256:97CD25614C48832B2C655B30ED3D93C3D4B2336514235A5C010A5E64017A6EE7
                          SHA-512:582D886E321E656F395AF69BCBC7DFE243C0FB86F06F98D67084266174E4E09C07BF14CBE75275A7F268F24F50F5371AF78A8BD7FE6927423ED2FD1D07EBE97A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.....F...........e... ........@.. ....................................@..................................d..S....................................d............................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................d......H........i......................Li........................................(....*.0..A..........,.......(....o....u......,!.......s.......o.....o............*..*z.,..{....,..{....o......(....*..(.....r...p(..... .....xs....(......(....*..{....*~.(......}.....(.....(....o....*..0..y........{......_,..(..........o....*......+..........+.....(......s.......X.[.X...X.[.Ys.......X.[.Y...X.[.Xs........s....o....*....0...........o......(.....[..(.....[..(.....[..(.....[...(........s.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Diagnostics.StackTrace.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):6656
                          Entropy (8bit):4.132868731508828
                          Encrypted:false
                          SSDEEP:
                          MD5:E00AC0F270FE5F78087B8520E6E5A213
                          SHA1:82651E4ABCD4A8D25A6C3B3642586846A1551759
                          SHA-256:926D996ABD199C8B3A51B837095251D98A3F539A8A678CA37CF8C14F46A279FB
                          SHA-512:FEAB8F26A63444596620150721202440E091ADB440534D27E7D29E7837DF25D3A273F5954246FAEFD236B49574C13452C7D8A0035790DA2234A3F945E82F1D7D
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O............" ..0.............*.... ...@....... ....................................@..................................-..O....@..h....................`.......-..8............................................ ............... ..H............text...0.... ...................... ..`.rsrc...h....@......................@..@.reloc.......`......................@..B........................H........!..x....................,........................................(....*:.(......}....*..{....*"..(....*"..(....*"..(....*"..(....*"..(....*R.-.r...ps....zs....zR.-.r...ps....zs....zR.-.r...ps....zs....zR.-.r...ps....zs....zR.-.r...ps....zs....zR.-.r...ps....zs....z..BSJB............v4.0.30319......l.......#~......|...#Strings............#US.........#GUID...........#Blob...........W..........3............................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.Design.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):29696
                          Entropy (8bit):5.390494125101462
                          Encrypted:false
                          SSDEEP:
                          MD5:F9D2083F251C3FF4C9FFD3B912F821C8
                          SHA1:C99CF81932417F2BA07E0061E2E4A53F1A6699CF
                          SHA-256:314AB8E4BB900F2FA02303B0BCB557627C6DC668DD3E6CC6B735A6C1C943968D
                          SHA-512:23E63C94B984D9A1F516CF9772F56A134641E4961AED406FE3FF7CAA2627C8B08ECD4541E023F39CD501F4253FCBBE6C18B5158118A2FAD1B59A2C61B28DABEB
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....L............!.....j............... ........@.. ....................................@.................................D...W...................................(................................................ ............... ..H............text....i... ...j.................. ..`.rsrc................l..............@..@.reloc...............r..............@..B........................H.......\6...R...................5........................................(....*..*"..(....*..(....*:.(......}*...*..{*...*"..(....*..(D...*.......%.r...p.%.r...p.%.r...p.%.r%..p.%.r3..p.%.r?..p.*.rK..p(....*..s....*..(....*.0..o........,b.,_.......(....o....t....}+....{+...,<.{....-....(....}.....{+....{....o.....{-...,..{,........*.*....(....*..0..i.......s.......o....rm..ps.....r{..ps.....r...ps.....s......s.........o.......o.....o......o.....o......o....s......s..........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Drawing.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):481280
                          Entropy (8bit):5.859087431899079
                          Encrypted:false
                          SSDEEP:
                          MD5:9E6E1D60CE8FF75034A2B4A27CD9B324
                          SHA1:7A9DCFD917D6B4C8A76669206531802DE10E1283
                          SHA-256:A90E6DDE6BB97560564ADB30F084194BADE099F202A115CCA16D740F216371EE
                          SHA-512:8A0CE2200215CC58A65E4DA32AFC807D077CDC8A2A2DC29AE37F3EED9F2021E5EAAF34008A9296E3484B42B010CDE258ECE546F3457E2EC38D7AAEDB9396BAA9
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%.............!.....N..........>m... ........@.. ....................................@..................................l..O....................................l............................................... ............... ..H............text...DM... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................ m......H.......dz..l................c...y........................................(....*..*"..(....*..(....*:.(......}....*..{....*"..(....*.0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*F~......Y..o.....*....0..........~..........(....~....,.~....~.....i3-~......X......~....,.~.......~....(..........~....~....%.X........s....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.EnterpriseServices.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):44544
                          Entropy (8bit):5.651449561919065
                          Encrypted:false
                          SSDEEP:
                          MD5:B005F504101C625CD0C61FEBD9F80102
                          SHA1:2303739EF10BBDEA1EE0A585392CF2738E502E50
                          SHA-256:AA83EA4A85632D8C10C0CDDC44771FB06339198A05C96BB516101CF5D7584E36
                          SHA-512:525F3529FCCF2FD05305BAB5F65243A0B1A1350E514B9D3BEC689A67BCCDBE5F5AC3E1292464D3C24C4A0FEF0872F1E8AFC7CF78D7D9DC0DF6136E3014BF3E7B
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....\............!................n.... ........@.. ....................... ............@................................. ...K.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H.......l(.......................'........................................(....*:.(......}*...*..{*...*"..(....*2.(....s....z.s....z:.(......}4...*:.(......}4...*..*2.r...p(....*..{1...*"..}1...*..{2...*"..}2...*..{3...*"..}3...*..{4...*"..}4...*:.(......}5...*..{6...*"..}6...*..{7...*"..}7...*..{5...*N.(......s....}8...*..{8...*:.(......}9...*..{9...*r.(......}:.....}<.....};...*..{:...*"..}:...*..{;...*"..};...*..{<...*"..}<...*:.(......}E...*:.(......}E...*..{E...*..(....*

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Globalization.Extensions.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):6144
                          Entropy (8bit):4.417515911137423
                          Encrypted:false
                          SSDEEP:
                          MD5:64A4856A74B790AE43B87947D3CF0200
                          SHA1:04566DFC3E8FA36FA85D308C37BA833B6925EF98
                          SHA-256:C4F15BBFF3E54178A8B2F10D7FF85A8827C37EBBC47B6794CF3FBDE9F89FF483
                          SHA-512:E9E111910E83642C1AEE809406243BCB9F063DCA08BFE993E515387B2400BA20B9B3D91F26B29E4D762C6BE373C31179698B665DFBDA11E8D6E767BDBD87329E
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l.a..........." ..0..............-... ...@....... ....................................@..................................-..O....@..x....................`.......,..8............................................ ............... ..H............text........ ...................... ..`.rsrc...x....@......................@..@.reloc.......`......................@..B.................-......H........!..x...................D,........................................(....*"..(....*Z.-.r...ps....z..o....*"..(....*Z.-.r...ps....z..o....*.0..K........-.r...ps....z. ...@3.(....*. ....3.(....*. ...._,.r+..pra..ps....z..s....*V.(......}......}....*...3..*.-..*.-..*.{.......{....o....*...3..*.,..-..*.{.......{....o.......*..-.rq..ps....z.{......{.... ...._o....*.0..,........u......, .{.....{....3..{.....{....o....*.*f.{....o.....{.... ...._a*..BSJB............v4.0.30319..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.FileSystem.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):23040
                          Entropy (8bit):5.044751398090971
                          Encrypted:false
                          SSDEEP:
                          MD5:CC9E65167F03D38EDAD0AD156E16213D
                          SHA1:4BD6E30B6281CD89D77D88C2B777163B67295DFE
                          SHA-256:FC1595F8E0164010C2AC441266BC532F39E914F4F894D09FDFCFCF262C48E4B9
                          SHA-512:07B64E4C3BE66231A7F8F7D3A615215A42AFF2445D5DE9E67D54517D9D412A52078958FCDD6482C90361384F565F9E2A339F961CB2E64B728694DA1547572F89
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[..............!.....P...........n... ........@.. ....................................@..................................m..O....................................m............................................... ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............X..............@..B.................m......H............?...................-........................................(....*R.....(...+%-.&(....*^.....(.....(...+&~....*.s....*"..s....*.*..0........................(........(....(...........X.(...........X...(....(.............ZX.(.............ZX...(....(.............ZX.(.............ZX...(....(........(....*.0........................(........(....(...........X.(...........X...(....(.............ZX.(.............ZX...(....(.............ZX.(.............ZX...(....(......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.IO.Compression.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):98816
                          Entropy (8bit):5.9752256094993985
                          Encrypted:false
                          SSDEEP:
                          MD5:0FC5BD3D383A4B122E3B41F8BEDBCA50
                          SHA1:F1F0BBB84BAC14EA8194610B1AA700CF52DC4FCB
                          SHA-256:C457AB509C57506C08C52D23FF0581BA677F2AF930EFC882C8CE8B03E1EB46EC
                          SHA-512:95395C8BC2A4B9914EB207966EE3403938D863609EF49481BD720F9C2ED165EF62B640EF1B2647FD47F5F612BBA092827CBADF13DD3B4C0AEEBD3DD099DCD089
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...U..............!.....x............... ........@.. ....................................@.................................L...O...................................0................................................ ............... ..H............text....w... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B........................H.......`..............................................................6(......(....*&...(....*..*..*J.,.(......(....*.*6(......(....*:(.......(....*>(........(....*..(....*...0..t..........,).o.....o.....Y.o....Y(...... ....1. ......,....o....+....o.....o........(.....,...1...o.....o.....o......o....*.0............o.....f....o....*..(....*..{v...*"..}v...*..{w...*"..}w...*..{x...*"..}x...*v..(.....X(......(.....Y(....*J.(.....(....s....*f..{y...(......{z...(....*>..}y.....}

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Net.Http.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):114688
                          Entropy (8bit):5.923800816642526
                          Encrypted:false
                          SSDEEP:
                          MD5:A4F3286BC52FDE6FF5CE34A6A7751244
                          SHA1:4FBD12ADCF8D45650ECFB52E2AE7B0A7FF3FCA5A
                          SHA-256:8AF926F1069EE346EEAB9008E71DA39C7F54D2839469B61AE33D0571C6956C76
                          SHA-512:C37AEED6AC025BF415AF460F3430E8D1E471EC229639D3424F173EED024C40CBC2D7BD5D8A825C666004706A3C828BEF47430080E7457DDD00921494A2C1C836
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...as.............!..................... ........@.. ....................... ............@.................................t...W...................................X................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H...............................8.........................................(.....-.r...ps....z..}*......i},...*...0..H.........(......2...{,...1.r...ps....z..2...{,....Y1.r...ps....z..}+.....},...*v.{*....{+....{,...s....(...+*f..{*....{+....{,...o....*...{,...jU.*..(....*r.(.....-.r+..ps....z..(....*..{1...*Z.-.rE..ps....z..}1...*..,".{0...-...}0....(....,..(....o......(....*:.(......o....*...(....(.....(....r_..pst...o....*.0...........-.r...ps....zs......o.....+M.o......o..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Numerics.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):114176
                          Entropy (8bit):5.554566824084833
                          Encrypted:false
                          SSDEEP:
                          MD5:1B57A9D8B85BF6D8CE1C50AB950AFE39
                          SHA1:56FBBC77675F6C7D82F3210D38E862EAECDA8DBD
                          SHA-256:8633CE312516585BD70DD5B4213363CB1E581A75A76CF7A4EA3BFDB4F4BCA85D
                          SHA-512:B928986DC4A980A4C539C440F0544A8423FD609E6304632931F10B676683BBC42111E8B2C3C1C1375C1BACA4477EC382C9797CD43ADEEFC91396D1E21FFE3009
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...,7.............!..................... ........@.. ....................... ............@.................................d...W...................................H................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........%.......................%......................................6(......(....*&...(....*..*..*J.,.(......(....*.*6(......(....*:(.......(....*>(........(....*..(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*..(....*.~C...*..0..Q........{=..."...?3B.{@..."...?35.{>..."....3(.{?..."....3..{A..."....3..{B..."......*.*J.{A....{B...s....*f..{a...}A.....{b...}B...*...}=.....}>.....}?......}@......}A......}B...*....0..L........."...?}=.....".

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Formatters.Soap.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):38400
                          Entropy (8bit):5.458518397084208
                          Encrypted:false
                          SSDEEP:
                          MD5:63D0DFF846E03EB23C647EA77E03F5CF
                          SHA1:7BBA4788F139921A8A5A50D0FE17077548D29B83
                          SHA-256:3001400F6799CFB47F0EB098B13C96C8EC4F5D46626F91D6035953F80367286E
                          SHA-512:D3A83F66ECD63B141EC3AED6D5228735F6FAC05878646B21B5B228DBC1807E375340A25D518EE44F6FE456638DD1E52E94CABC9FAAF83F14D4AFC126CA1D9E4E
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....?............!..................... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........L...]..................dL........................................(....*..*"..(....*..(....*:.(......}*...*..{*...*"..(....*...}3.....}6....(......}2.... ....s....}1...*...}3.....}6....(......}2.....}1...*&...(....*..{0....{2....{1...s!.....{5...o"...**....(....*..0..[........-.r...ps....z.o....-.r)..ps....z.-.ry..ps....z..{2....{1....{5...sX......{4....{3...od...*..{2...*"..}2...*..{0...*"..}0...*..{1...*"..}1...*..{5...*"..}5...*..{6...*"..}6...*..{3...*"..}3...*..{

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.Xml.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):7168
                          Entropy (8bit):4.4401338984759615
                          Encrypted:false
                          SSDEEP:
                          MD5:F4CC876A99A54DAA11C8405449FC8EAC
                          SHA1:88C088D950E2F55321AA7A5C69CBEE4C7A079765
                          SHA-256:8B4739EE253BD0AF984AD069CE2FCE0F8F69A0051E501ADE202BD7C96CA7AADD
                          SHA-512:3472771E2F0719B755CC0DE031A932F41EE151CF7155CD87E2CC008A769D64F35FC8A62BF58D2089641D03B27F6D28BA57C831F5CFD1F8CA3FEEA83EB05AFBE1
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............0... ...@....... ....................................@..................................0..O....@.......................`......./..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................0......H........!..,...................H/.......................................s....*..s....*..0...........o....u......,..o....*.*.0..%........s..........(....r...p.$o......o....*:.(......}....*..{....*.(....z.(....z6.{.....o....*:.{......o....*.(....z:.{......o....*.(....z.(....z.BSJB............v4.0.30319......l.......#~..,.......#Strings........0...#US.........#GUID...........#Blob...........W..........3............................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Runtime.Serialization.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):928256
                          Entropy (8bit):5.5767931578834
                          Encrypted:false
                          SSDEEP:
                          MD5:C7A98DF54D532C98CF2A6EB1CD64E78E
                          SHA1:2E31E30D6E8A81973D0810507790FB9253BF3D82
                          SHA-256:C5998C329E93930241728EEF8370496D60A44A3945589320402DB0223C6EF527
                          SHA-512:EEEA2B2D629F0FFA619E8BEA54BDE2161839CF6D2DCD8B90E2085216B4EF8FFA1C9268F46B1230420BF4D7A85046BBB53D3029007307E897A03D493F0F87E97C
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?Tx............!..... ..........^>... ........@.. ....................................@..................................>..O....@.......................`.......=............................................... ............... ..H............text...d.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......(..............@..B................@>......H........N..p....................N......................................6(......(....*&...(....*..*..*J.,.(......(....*.*6(......(....*:(.......(....*>(........(....*.*.0.....................o...., ....1....(...... ....1. ......+.. .............+..........i..Yo........,.....X......i2......Y1....(.......X.....i2%.o.........-.. ........%.X......Z..+....i3...1L..............+%..............i(...........iX.....X.....2..........Y(........*...0..K...........o....,.. ....(.....+. ..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Security.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):135168
                          Entropy (8bit):5.581978489554571
                          Encrypted:false
                          SSDEEP:
                          MD5:54EE5F8B82721791BE54044D9546882A
                          SHA1:01B2A076AD1209A4C98F58B74DC2861D51EFBCB4
                          SHA-256:7AA4C8EA6A64B1260358260F8DDCD5E4B0F20DC018799106EFFCAC08470B9759
                          SHA-512:D8659278DD1D2B634F913228FCD6739EE7F648D3AC8406E9621F0530D0048C7D6134DB902011FFEF50110F9292E47BF4EFB93B65C4702300ACE4CE39D519D522
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Z...........!................. ... ...@....@.. ....................................................................... ..O....@.......................`....................................................... ..............d ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................%. @...........@ ......Z ..........N ... ........................_CorDllMain.mscoree.dll.@ ........H.......H....2..........D........%........................................................................................................(....*..*."..(....*....0,..........:....r...ps....z(...... ....o......s......o........s............io......o.....o............9......o...........9.....o.................(.......o.......o.......D..........o.......9].....i.>T......o.........8/.........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.ServiceModel.Internals.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):214528
                          Entropy (8bit):6.160552615840542
                          Encrypted:false
                          SSDEEP:
                          MD5:42008DCC96CAF166A5A6A5C3861A618F
                          SHA1:66D9ECA7EC0856DAD9C0EC37670F5A4513AA7303
                          SHA-256:44BA40965149AE2CC0021100CA6F5157346D8DF8A88FDAF76489B208F163E933
                          SHA-512:BFDBB4B8697213ACCF64620C7A53B8A49E07C39F7231395E77183EC5C3333434505EFDEDC12A623C59B703038EE1483FB5529A14ABD41BF4EC1F7EB05CB19277
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!H..........." ..0..>...........[... ...`....... ....................................@.................................t[..O....`...............................Z..8............................................ ............... ..H............text...$=... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............D..............@..B.................[......H.......$@......................8Z......................................6(E.....(....*&...(F...*..*..*J.,.(E.....(F...*.*6(E.....(G...*:(E......(H...*>(E.......(I...*.*..(J...*..{:...*"..}:...*&...(....*.(....-.(....-.(....op...,....sN...(....*...(....*..{9...,.(....r...psK...o....z..}9....(J...(....*..{9...,.(....r...psK...o....z..}9....(J...(....*N.,...(....*..(....*:...{:...(....*...0..............(L....*...................{A...*..{?...*.0..\.............Y.6&+H.{>....3?(..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Transactions.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):34304
                          Entropy (8bit):5.306526838699087
                          Encrypted:false
                          SSDEEP:
                          MD5:D07F3CBBE8EB30ED793C0BD04A5DC973
                          SHA1:BB8288798058A385A5FC5A136A3209528B9CD537
                          SHA-256:B77CDE418AED34056FBF0B5F8593857335200C64CE2142FFC17F6B7426F81833
                          SHA-512:ECFCE0D4A2151380FE7A8E4C15C62DB8C9B4549132BC1D01AD4B9EAAFED1009131A2424E986C8350D3A0DF6A689F17DC437CAE4AD144DC6E6CEBEFA95C84C6F8
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................!.....|.............. ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text....z... ...|.................. ..`.rsrc................~..............@..@.reloc..............................@..B.......................H........3...f...................3........................................(....*..*"..(....*..(....*:.(......}*...*..{*...*"..(....*.0...............'....(....*~.(P....|+.....'....|+....(....*:.(P.....}+...*..0../.........},.....}-......,........s........(u...}.....*.....r...pr...ps....z..{....(v...*..{....-..o....,...}.....{,....o....*..(w...*.s....z..{-...*2.{....o....*2.{....o....*2.{....o....*..(P...*..{2...*J..r...po....}2...*.(....*:.(......}3...*:..}3....o+...*.*..()..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.ApplicationServices.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):33792
                          Entropy (8bit):5.070195232482362
                          Encrypted:false
                          SSDEEP:
                          MD5:B820F653DE9D10D415156F62D1C490EB
                          SHA1:6C55701F13E16E0D3D960122B6F0F0586FBDA034
                          SHA-256:7BBFD2C7D4C33B4FF969C5CE6AB27ED3D91E85BD0F181D9263BCAB37C98051D8
                          SHA-512:9C587179346E03FF406D2D9BC379297096E8345D3FEF03072D0AD6CD4DDA824854C4FEFCE81D8CE4D3DF8EC44F90C463FB7874C1905F219D5CC4A1BA255DC4EC
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:x.............!.....z............... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text....x... ...z.................. ..`.rsrc................|..............@..@.reloc..............................@..B........................H............h..................\.........................................(....*:.(......}?...*..{?...*"..(....*..{@.....o.....{A.....s.........o....&*^.{@...o.....{A...o....*6.{@....o....*:.{@.....o....*...(....1.r...ps....z.{@.....o.....{A......s.........o....*..0..%........{@....o......(.......2..{A....o....*....0..E.........(....2.r...ps....z.{@....{A....o............(....o.....{A....o....*2.{A...s ...*2.{A...o....*..*...0...........{A....o............(....*...0..X.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.Services.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):354816
                          Entropy (8bit):5.781498138288882
                          Encrypted:false
                          SSDEEP:
                          MD5:7DF120730F9BF064F613C42399D1A958
                          SHA1:CBEA682C20A8E2A2BC6442EFDDF95CCB9B566E73
                          SHA-256:B9F761E06F97EA54E76A5FA79FDF53A04D397BD446D9EE975F4CD7C17E4C7B87
                          SHA-512:4BF3668947CC43D37F686DC61C67E9936920FB0747BF117941A35640A35DC40557D8BDDBF571DDBF43C802BFA67C12F83DF71BA829F753616684B7B815C963B7
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Z...........!.....`........... ... ........@.. ....................................................................... ..O.......8............................................................................ ..............d ..H............text...@^... ...`.................. ..`.rsrc...8............b..............@..@.reloc...............h..............@..B.................%. @...........@ ......Z ..........N ... ........................_CorDllMain.mscoree.dll.@ ........H.......l...T............]..XL...}........................................................................................................(....*..*."..(....*.....(....*:.(......}....*...{....*"..(....*..."..(....*..."..(....*..."..(....*..."..(....*.........(....*......(....*......(....*......(....*..(.......}......} .....}".....}$....~....}!....~....}#...*...{....*"..}....*.....{ ...*

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Web.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):3154944
                          Entropy (8bit):5.764259339709979
                          Encrypted:false
                          SSDEEP:
                          MD5:76A51A9D3D72ACC0083AC879D8A06196
                          SHA1:85F7F15E3563F46BCFABC50AA9CB316D17C4869F
                          SHA-256:0A8E8068E7E7D53ED418F1A61C490AC6D1DFD162B213F72026818FEA76446226
                          SHA-512:0992DF4EBB1B5F49B97CACA4802FC0B512098E4A10F97E986C55F7926765DE0CC3EBD287640A64F3915504F505BF4643103A78D8296B8778F3BE2A6D7BD43979
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....3............!......0..........;0.. ........@.. ........................0...........@.................................l;0.O....@0......................`0.....P;0.............................................. ............... ..H............text.....0.. ....0................. ..`.rsrc........@0.......0.............@..@.reloc.......`0......"0.............@..B.................;0.....H...........D ".........H....]............................................(....*..*"..(....*6(......(....*&...(....*..*J.,.(......(....*.*6(......(....*:(.......(....*>(........(....*..0...........u......-..*.o.....8......(....o1.....,..o....,w.o.....+U..(........o-.......E................#...+*....(....+.....(....+.....(....+.....(......(....-...........o.......(....:e.............o......*.........7.b....................0..F..........%.Q.Q.o......,..o....-..*.r...p.o....-..*

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Windows.Forms.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):3061712
                          Entropy (8bit):5.785324321898587
                          Encrypted:false
                          SSDEEP:
                          MD5:C34FC23F1A21F08A6274896391BB0689
                          SHA1:C1E235F6A2F4E01FE791E8B2433FCE9C20F43EA5
                          SHA-256:A0855DD4DE2BCEBA03086A8CE7E85160B8A758F03B8D9E7844E60617E4246F78
                          SHA-512:5286D64DCA68C8BFCFB1AEAC50DF87C094D58C348C10C7F952CD84719A6CC8BFD76F7B455524B89C4BA2AFB44AF1653413BAE4806B1172F64E91E72B181882A1
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....oV...........!................. ... ........@.. ......................../......3/...................................... ..O.......H............................................................................ ..............d ..H............text....... ...................... ..`.rsrc...H...........................@..@.reloc..............................@..B.................%. @...........@ ......Z ..........N ... ........................_CorDllMain.mscoree.dll.@ ........H..............................H.........................................................................................................(....*:.(......}....*...{....*"..(....*..."..(....*..."..(....*..."..(....*..."..(....*.....(....*..*.6.(.....(....*..:...~....(....*..0..X........(.....:....r...ps....z.:....r...ps....z.o....:....r...ps....z..}......}"....~....}$...*.0...........(..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.Linq.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):119296
                          Entropy (8bit):5.779910535126763
                          Encrypted:false
                          SSDEEP:
                          MD5:FC3A20F4ADEF288E1622D0468E9AEDA3
                          SHA1:F88D017C6753A5FD1DF711297989B15F32C2E28E
                          SHA-256:5FA26C37AF7ED3C73C2909C95406F91DAD5BD366BFF822A640142B9C556020C8
                          SHA-512:8CF8C4AD3E6FE5E5AA273BB9879FAA3D345BBDF7BA0903598E9F92D26C4EFF6E66ADF686EED71E3DE08D541CE58A044FB80C7EEAC96E7CA73BB920747DD9CAA6
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...|.2............!..................... ........@.. .......................@............@.....................................S............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...............................<........................................0..B........(......}......}....r...p(}......rU..pox...}......r_..pox...}....*...0..L.........}......}........o........s...+...3K.t2...o.......-.rg..p(O...s....z..`.+D.t7...o_...-..o....-/r...p(O...s....zr...p......%........(P...s....z..{....o....s....}......o....(......{....o.....{.....{.....s....}.....{...........s....o.....{.....o.....,..{.....o....+..{....o......(.......3...t7...(....+...t*...(.....{.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.XPath.XDocument.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):5120
                          Entropy (8bit):3.9242595464738685
                          Encrypted:false
                          SSDEEP:
                          MD5:8C67C8280B9B25338CF16CD79A945FFA
                          SHA1:A07A07E202FB497073C1F425F9FA12544706ABE8
                          SHA-256:DA7398FD5892E2288997968E82892DBD776F96F5E0EE38D7B8B5205F335ADE08
                          SHA-512:9712449AED50A3CCF9587941C1D4720791961E54697C98C08A258022C4D46581CE5797945D895FF6ADD069BFAE0A16471176C058B79BC941B332A3CF541A1C14
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5<............" ..0..............)... ...@....... ....................................@..................................(..O....@..X....................`.......'..8............................................ ............... ..H............text........ ...................... ..`.rsrc...X....@......................@..@.reloc.......`......................@..B.................(......H.......t ......................p'........................................s....*:.(......}....*2.{....(....*BSJB............v4.0.30319......l...<...#~..........#Strings....D.......#US.H.......#GUID...X.......#Blob...........W..........3....................................................................~.6.....6...|.6...S.#...V.....g.................c...../.....H.................y.......................n.....................e...9.........@...9...........P ....../.....X ......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.Xml.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):3138048
                          Entropy (8bit):5.8371527919584345
                          Encrypted:false
                          SSDEEP:
                          MD5:CD289F2ED2BD7D0BB13A608219B66AE9
                          SHA1:62DCED36DC642E847912952E9778C9F19970767C
                          SHA-256:F37FA3AD6135A3BD298E7E6196DEBD1629891723767263D6FE80359F71EE6EDD
                          SHA-512:67C05EC1791D4292F98253933251EC0DBD51CC19AE871F47C713BFB6F3C304565A0E5336FDA021A71C6C235ED0719EBBF81AE351E80089B8FD86647A15EA4AC9
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....QB............!....../.........../.. ........@.. .......................@0...........@.................................D./.W.....0...................... 0.....(./.............................................. ............... ..H............text...../.. ..../................. ..`.rsrc.........0......./.............@..@.reloc....... 0......./.............@..B................../.....H.......L...............................................................6(......(....*&...(....*..*..*J.,.(......(....*.*6(......(....*:(.......(....*>(........(....*..(....*"..(....*...oY...o|...}w....{w...o......}l....*>.,..o}...-..*.*..s....*..(....*2......(%...*R..(&.....{C...}C...*:..}C....('...*...0...........{C...-F..{Z...o....}`....{`...-..*..}a.....{`...o|...}`.....{`...o....}C...+...{`...o....}C....{C...,...{`...o0...,...{a....X}a....{`...*...0..3........,..o}....3%

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):2715136
                          Entropy (8bit):5.886046132825917
                          Encrypted:false
                          SSDEEP:
                          MD5:15356CB6634E20767EC562704A2CAA02
                          SHA1:598DBC48BBC2AC714D3BA18F3383A1E4A1B2B805
                          SHA-256:7024DAAA80B55752A1D09471AA0C8EC88DEA64A68AB730253D045EB887A50451
                          SHA-512:05193898E36ACD83BA3EE242DDCF076D3C34BBC5D33E306F4B3D2395E0511D5B1C1ED3E9F22180F279022667618D64B0FFB1BBA04830D0500C753B2ECDD1BFFB
                          Malicious:true
                          Yara Hits:
                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dll, Author: Joe Security
                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\System.dll, Author: Joe Security
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.....f)...........).. ........@.. ........................)...........@.................................\.).O.....).......................).....@.).............................................. ............... ..H............text....e).. ...f)................. ..`.rsrc.........)......h).............@..@.reloc........)......l).............@..B..................).....H...........,...............`...........................................6(......(....*&...(....*..*..*J.,.(......(....*.*6(......(....*:(.......(....*>(........(....*B.,..o....*~....*j..o.....o.....o....o ...&*..{....*"..}....*..(....*..0...........(......}.....,.......{........o........3;....R34....I3-....F3&....F3.....W3......A3......V3......E..r...p......(....s....z.{.......o.......@........f@........m@........t@w....... @m............b`.......b`.......b`..{.......o.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Analytics.DataPrivacy.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):7680
                          Entropy (8bit):4.410384628538432
                          Encrypted:false
                          SSDEEP:
                          MD5:9781CBD621668475B17CFE9889798B0E
                          SHA1:573A6EEE223B945AD44E0F2C07FC35C6D6EF2B78
                          SHA-256:18E2DFAFD8DF30124118E375497DD9693263D932542DD3EE9E064C7983D9C02B
                          SHA-512:A2546297DA58EE34816282FB62B3EE334F5332CD84505EC8BE4F81A88376069F694016D92CBB0C012A26C0DADAB9FCB315051AF1C1F8ED6CCF8A389791A6F8B9
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..............4... ...@....... ....................................@..................................4..O....@.......................`.......3..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................4......H.......l#...............................................................0....................(....}......(....}......(....}......(.............o....}......(....}......(....}......(....}......(....}......r...p}.....*.0..Z.......r3..p......%.(.....%.(.............o.....%.(..........%.(....-.ru..p+.rw..p.%.r...p.(....*...0..8........o....o......o......(....,.r...p..(....-..r...p.(......*.0..........s.......}......}....(.........(.....(.....o....s......r...po.....r...pru..p(....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Formats.Fbx.Runtime.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):5632
                          Entropy (8bit):4.174266258367011
                          Encrypted:false
                          SSDEEP:
                          MD5:8B443495126CFB198CD700B656D20B6D
                          SHA1:4DBB18200B361A4793209D9E1BC55B738592A52A
                          SHA-256:E72419385825D1B7E7E8F764D5FA659DBF0C63D2F0441E333EB7AC8059B8EB24
                          SHA-512:18B74BAD60E52DA448B1DAD58502B8AA01AB47D3858745FA1E2648E4AA659EEF3F0D5A9D041B4BA1571E33BD90DAEB75DE3528FA0FFE22E6B1A1A131FB72F09A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..............-... ...@....... ....................................@.................................;-..O....@.......................`.......+..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................o-......H.......H!..x.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*..{....*"..}....*..{....*"..}....*....0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*R~....,.~......o....*f.s....}......}.....(....*..BSJB............v4.0.30319......l...$...#~..........#Strings............#US.........#GUID...........#Blob...........W..........3................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Postprocessing.Runtime.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):148480
                          Entropy (8bit):5.984239008404135
                          Encrypted:false
                          SSDEEP:
                          MD5:2BD3ADE6ED3973239AB4FDE7BC8EA621
                          SHA1:B044B933DE930F9652B96DAE7614B7E11C823BB5
                          SHA-256:457BB10A90E8386DD880EC086C9BEEDD5CB5AF5D23A3D346AF9D93EAEFE0C570
                          SHA-512:53847D130404039CAE341B8B6807A71A38FD158D91CA9BE96220A3BA710A58F70A53D0D1D02EE4E4612205DBA415A3C3A03817E85B8E8DC4B1AF185F978C4822
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..<..........zZ... ...`....... ....................................@.................................'Z..O....`...............................X..8............................................ ............... ..H............text....:... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............B..............@..B................[Z......H............H..........................................................:.( .....}....*:.( .....}....*:.( .....}....*V.( .....}......}....*..( .....}......}......}.......}......}....*..( .....}......}......}......}....*:.( .....}....*..(!...*..("...*...0..L........{+...{#...,..{....{$..."......+....{....{%...-H.(......._..9......or...{....{....(&...,..or...{....{....o'...+.._.8.....{....{%....@.....9......or...{....{....(&...,s.or...{....{....o'...,\.or...{....{....(&...,E.or

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.KdTree.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):18432
                          Entropy (8bit):5.213414849418467
                          Encrypted:false
                          SSDEEP:
                          MD5:EAC505E2270D0B2666576BCD5862E6CC
                          SHA1:25DFCC70C73B590355519FD28E50D2D5B0D137F2
                          SHA-256:F10AEE32730B568BF9AD65BBBACB9D66278B62E602A7F5ECDC904114B60FC676
                          SHA-512:33011F82556DA73BC37ADA1EF9E8F0383D38161311A36619C1C6D3C208620D6C1F135BD2BC1499BF006FF6B0FC9055C763E0D53F5838BB54BC33A43CA7A2A8C5
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..@..........._... ...`....... ....................................@..................................^..O....`..............................H]..8............................................ ............... ..H............text....?... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B.................^......H.......<3...*............................................................{....*r...i.....}......{.....o....*..{....*r...i.....}......{.....o....*...0..V.......................(............(......+*..(......o...........(......o...........X...2..*...0............i........+t..{.................o.....1....{...............+?..{.................o...../....{...............+.................X....i2..*....0..$..................(....(.......(....(.....*2.r...p(....*r.(......}......}..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Poly2Tri.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):34816
                          Entropy (8bit):5.376117139401258
                          Encrypted:false
                          SSDEEP:
                          MD5:235C294A392F6C9131396D426A9DCB53
                          SHA1:155E4902DA97CDE1FCCD4636F650ECB634C2730F
                          SHA-256:233526341EB64E6C66EAA4C1F9F3C98B56F2BA5743B686E97A79E2C19BAC7A68
                          SHA-512:AF32C67438608A05464B7A9EAF9C18D589EC16EE8A57E9CF7284F87FD5B9B4A21AFF3551C3FF3039283183A553284A8B99BDCF1CDE713DD792E0409E2FA3AD41
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.............:.... ........... ....................................@....................................O...................................l...8............................................ ............... ..H............text...@~... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........U...F...........................................................0..H.......~....(......o%...o.....+..o.......o.....(.....o.....o....-....,..o.....*........&=......2~.....(....*".&s....*N.(....%.o....(....*...0...........o......&.t....(X...*.*..0..f........s....}.....(.....o...../.r...pr;..ps....z..o......o.....Yo....o....,...o.....Yo.....{.....(...+o....*^..u....%-.&.(...+(....*"..(....*..*..{....-..s....}.....{.....o....*..{....-..s....}.....{.....o....*R.{....,..{.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.Stl.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):12800
                          Entropy (8bit):5.144694117812634
                          Encrypted:false
                          SSDEEP:
                          MD5:918D502A7B3CA55EEE419E8EFDE01FC8
                          SHA1:15A7F733D05352E0DC1E26A59D43BC6192F8A112
                          SHA-256:EF819504AEA66AA671E1108E0EED05FA4AFFA601CFD5D0EEF8C217C30595466E
                          SHA-512:5BEE5ED16A439EFAC3C73C2AED6F93A41C5D3F9E1218F5A4C6A72DE294973BF7684E6E6BE4EBFBB4C093402F3E815A58878FDF7DF783A4AF8A031427A244247B
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..*...........I... ...`....... ....................................@..................................H..O....`..............................HG..8............................................ ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............0..............@..B.................H......H.......D/..............................................................N.......%.....(....*.0..2.........@......(....s....s.......P."...o.....~....%-.&~..........s....%.....(...+.[...o.....o.....8.....o.......-...o....+...o....(.......-...o....+...o....(........o.........i...,...(.......8#...............X........X..............................(.........{....o.......{....o.......{....o..............{....o..............{....o..............{....o..............{....o............

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ProBuilder.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):355840
                          Entropy (8bit):5.8598155869906385
                          Encrypted:false
                          SSDEEP:
                          MD5:481A439D4D777F439C7321230E4F1CF6
                          SHA1:5F26239188C663A30D53DEB6D41A1F7797BB1E4A
                          SHA-256:356E944F0B84703974DBB027CA127C31078D44C972517F1231113775DE33D997
                          SHA-512:A72676597C2947BB5C7FA13B5BE9D0F0F529EC164C1775DB5AF9452CECFD1D4803E95A9EAFD455B4627E1B32F3920A4ED92914882477E0EF21E2CD0275684B05
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..f..........j.... ........... ....................................@.....................................O.......................................8............................................ ............... ..H............text...0e... ...f.................. ..`.rsrc................h..............@..@.reloc...............l..............@..B................K.......H............m............................................................{....*"..}....*..{....*"..}....*V.(......(......(....*>.,..o.......*.**.(.......*n.-..r...ps....+.(....(....*2.r...ps....*2.r...ps....*2.r5..ps....*...0..).........i........+...................X....i2..*....0..?........o....s......o.....+..o........o....o ....o!...-....,..o".....*......... 3.......0..1.......s#.......o$....+....o%...o&...,...o'.....X...2..*....0..#.........i.X............i((......i.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.Base.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):4608
                          Entropy (8bit):3.2421971812648476
                          Encrypted:false
                          SSDEEP:
                          MD5:FD15B4F59B7383A54952AD2EAEAFF7D7
                          SHA1:C2D0C43A13E1CC647FA7BAFFECD9DDFCE8AE54CC
                          SHA-256:6AEB175598B5A762CCAEFD48C41D230006C4745CEFBF3D8A475ECC662BC3D411
                          SHA-512:F20C79ED0C8FEE70B1A1A52E31F4A1D1B8F8FD948F68A82E1CB235083DC8ACF181E789A617B321B6B6926C1EDE9EB3A256C85F8BD03DE73694CEF1CBC5FB4584
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..............(... ...@....... ....................................@..................................'..O....@.......................`......@&..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......L!..............................................................2.|....(....*....0..(........(....-..........*.|....(....u.........*..(....,..|....(..........,.........(....}....*..(....*j.(.....|............(....*:..(.....(....*..{....,.*.&.(....,..|....(......}....*.0............(.......(.....*...................BSJB............v4.0.30319......l.......#~..........#Strings....P.......#US.T.......#GUID...d.......#Blob...........W..........3............................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Recorder.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):5632
                          Entropy (8bit):4.01076430017497
                          Encrypted:false
                          SSDEEP:
                          MD5:B99FFECA278C2BCE16ADEBCE88FF028D
                          SHA1:0D0C073D902DA60F2F33C27438ED3C1098E1F700
                          SHA-256:D54967183C188CB329F10BCE119C28DC1E0536C5FA0CDFE5EDBECCF48B65FA68
                          SHA-512:D193DE6F3A699DA5BBA993876300B692389749A5E383FFB0E5D4C4030ED540DEF80C685C65D741E67C450405A0920372CBCCA7C5E57D98AEDB558033EF9A1F80
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.............>-... ...@....... ....................................@..................................,..O....@.......................`......p+..8............................................ ............... ..H............text...D.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................-......H.......T"..............................................................N.{....o......o....*.0...........{....o.......o....-..*.*J.{....o.....o....*..{....o.....o....,..{....o.....o....&.(....*..{....,..{....o....o....(...+...*.*..{....o.....o....,(.{....o......{....o.....o....o.....(....*.*J.s....}.....(....*..{....*..0..j........{....o.....{....o.....{....o.....+,..(......{......(....o.....{......(....o......(....-...........o.....*........".9[.......0..E........{....o.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.ScriptableBuildPipeline.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):7680
                          Entropy (8bit):4.390367460160265
                          Encrypted:false
                          SSDEEP:
                          MD5:1DC153B1C050610CF341FBAD1EE8A3A4
                          SHA1:8874B3A8F5E6BFBBEC01A29FB96B36DA1876398F
                          SHA-256:EA98D85F4114A0F4E02D9B90028C2EF219E98CE8C80856AA2934010C12114ADC
                          SHA-512:78CE2624A1DEC9FA090FB513CEC139BB08B8A2EEE7B7D0CE009309DC0FB388E186670A2014F5704279D3C6B3130960C2C34E9448A502D578F8D0BCFC2DCEBD89
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..............4... ...@....... ....................................@.................................;4..O....@.......................`.......2..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................o4......H........$..............................................................6..s....}....*^.{....o....(...+%(...+*.......*...0.."........{.......o....,...(....*.........*...0...........{.......o....,...(....*.*"..(....*..0..$........{.......o....,...(....(...+*......*.0..........s......r...po....&.r1..po....&.{....9G....{....o.....>6....rw..po....&...{....o.....8......(......r...p.%.X......o....&.r...p..(....o....&.r...p..(........(.........o....&.r...p..(........(.........o....&

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.TextMeshPro.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):369152
                          Entropy (8bit):6.006539632175899
                          Encrypted:false
                          SSDEEP:
                          MD5:2A78AEA12E3ED0A3F15A5937E529B03A
                          SHA1:073FDA4E8442567F3CAA1715D13DE9EE9B7C1995
                          SHA-256:B8830FD776883E3CB158864477C12609F63EEE43D4C2D9E355E0733FEFA53A88
                          SHA-512:9A0A9EF14819D7BF155B2DB507F6F505C7BDC3B1181B5083B190A10A4E23BCBC40F20981D89602E56EAA7D9460709A8793153BE33BD25777C057CE671EE7B7AD
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.................. ........... ....................................@.................................K...O......................................8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......X...x)............................................................{.....o ...,.*.{......{.....o!...o"...*....0..*........{.......o#...,..{.....o$...&.{.....o%...*...0..$........{....o&....+..o'...o(....o).....-.*v.s*...}.....s+...}.....(,...*..{-....o....,.*.{-.....{/....o0...o1...*..0..*........{-......o2...,..{-....o3...&.{/....o4...*...0..%........{/...o5....+..o6....o7....o8.....-.*v.s9...}/....s:...}-....(,...*..{;....o<...,.*.{;.....{=....o>...o?...*.0..*.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Unity.Timeline.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):108544
                          Entropy (8bit):5.9567267006338165
                          Encrypted:false
                          SSDEEP:
                          MD5:5105A68F5498851704DC04562C86570F
                          SHA1:40F96FAE7EAA4050403CC4EF50E3F845B7CAF79C
                          SHA-256:700179D9238A0C0CB0BFA7DDAC7FA5399BFCA6DF231881CCADC66BE62EE0D2F4
                          SHA-512:916950BE7B95C6D3F6A9FA0ECD430C6D5E1452045AD7AEC9B2D3F00C3038F98E631DD76BB3B391E29F89DD7BDA8F540DA27D4EF5DC88ED84AC9B01DAFDD3DDA4
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.............B.... ........... ....................................@....................................O...................................t...8............................................ ............... ..H............text...H.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................#.......H......................................................................."..(-...*..{....*"..}....*...0..Y........{.....(....,.*.{......E................,...*.{.....o/...*.{.....o/...*.{.....{....o/...*....0...........{.....(....,...u....}......{.....(0...,..{....o1...+..}.....{.....(....,.*.(...+.....+...(...+"....6...+...X...2..{.....o/...*..(4...*..*"..(5...*..(6...*F.(,...,..(p...*.*..{....*:..}.....(....*.0..".........(........(7...}.....(.....(8...*j.{....,..{.....{....o

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AIModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):44544
                          Entropy (8bit):5.662905863528141
                          Encrypted:false
                          SSDEEP:
                          MD5:8B55778E393A534668DC3E27C1E76290
                          SHA1:6FBC69EFC03D4E99AD8F8EE912B8A0B4B938E4F2
                          SHA-256:56B4B067BADF18A3E1C438ADC7D8988E91DF872204546D5DE6664A760204A0D3
                          SHA-512:53FBB36007420AE063524029188C978DF767571921C1D02516127EEEF57EE4E793B051935E9CEC6B7CFD74B9B7D6C608E5B746429677B8944A018D1081610E1B
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................!..................... ........@.. ....................... ............@.....................................K...................................D...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........6..............................................................R.(.......(....}....*....0..$..........{....(......~....}.......(......*................B..(.......}....*....0............{.........,...(....}....*..0............(......{.....+..*..0..q...............,.r...ps....z.......,.r...ps....z....(...."o..:(....(....(....(.............o....(.......o........o.....*....0..V...............,.r...ps....z.......,.r...ps....z................o....(.......o........o.....*F.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ARModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):12800
                          Entropy (8bit):5.135282422051181
                          Encrypted:false
                          SSDEEP:
                          MD5:109EED5381DBE7237C30FA7BC26AEC17
                          SHA1:25341AD5E71057A4F468F439DDF5845096608CA3
                          SHA-256:1EF346647FB27220E02E0AC6752B8CB5D0572C481876A5AE499799D5D9DEE896
                          SHA-512:BD8ED799082FC6B42FB6779966DD2E3250DB26446BFE9FEAC9D46C2E387F8F89E71F7864D58CA5FE59C7E980345324A5AD09228382FC494C0A3A6B24DAA8517A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2..............!.....*..........nI... ........@.. ....................................@................................. I..K....`...............................H..8............................................ ............... ..H............text...t)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............0..............@..B................PI......H........%...#...........................................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0............{.....+..*.0..B.........{.....(......,.+..(....&..}.....{.........,..{....o......(....&*...0............{.....+..*.0..E..........%.}.....(......,.+..(....&..}.....{.........,..{....o......(....&*....0..!.........{.....(....-.(....+..{.....+..*....0..B.........{.....(......,.+..(...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AccessibilityModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):5.012825926368766
                          Encrypted:false
                          SSDEEP:
                          MD5:B90B1BADB4E5C36B9444130E21501942
                          SHA1:9139C598BFE5D6B6A9C77172331F5398D8431E84
                          SHA-256:27C81D9DC5EE8AF1E6FAA786B9CE4DCE55FC26E06F7C9007274974A4DCC1221D
                          SHA-512:DE35DF45AAA1CCEE39DCF852C7E4CD3E8EC9E6BA8F096EDFC54718CCF4F434012F91EFBB1356B0F9583626DB4B9644DF440C216D08720272100EAB895DFF5837
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....O.............!.....(..........>F... ........@.. ....................................@..................................E..K....`..............................|E..8............................................ ............... ..H............text...D&... ...(.................. ..`.rsrc........`.......*..............@..@.reloc..............................@..B................ F......H........%...............................................................0..:..........(......".Y>.{....Z"Y.7?.{....ZX"..=.{....ZX(.....+..*...0..P.........,..P...+..r...p(.......i.P.i..rA..p(.......+...P........(........X....i....-.*.0..?..............,.r...ps....z..%.,...i-....+..............i...(.....+..*..0..?..............,.r...ps....z..%.,...i-....+..............i...(.....+..*..0..>.......s.......}......}............,.r...ps....z.~.....i(...........s....(...+~....%-.&

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Advertisements.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):31744
                          Entropy (8bit):5.459057314806651
                          Encrypted:false
                          SSDEEP:
                          MD5:D200E7B1C541792164ADF1EE5CA6060F
                          SHA1:76BFCBD66B8E0130B8C461F9A42AD32FE3872356
                          SHA-256:39C7E3775BB9B821513CDD6D874F05E33E7C7A84DFD04EA2D2B0777BE506ACE3
                          SHA-512:872FCAA4B1F2492CAA4863AA5A25E16D7852CEC402F5399F57600FF666727ABCC99AF7F3A3541D6EFAFDC3D5B7AB33FC2ACEF5D89EAD1A973E0F1BE673969241
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..r............... ........... ....................................@.....................................O.......8...........................@...8............................................ ............... ..H............text....p... ...r.................. ..`.rsrc...8............t..............@..@.reloc...............z..............@..B.......................H........>..xO..........................................................J~....-.(.........*.~....o....*.(....*.~....o....*2~.....o....*.~....o....*.~....o....*:~.......o....*:~.......o....*:~.......o....*2~.....o....*2~.....o....*2~.....o....*6~......o....*6~......o....*6~......o....*6~......o....*2~.....o....*F~....%-.&*.o....*F~....%-.&*.o....*2~.....o....*^~.....(....-..+..o....*....0..h.......sp....s....s......s........s......C..r...p(......o....(......&..s....sp.....s...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AndroidJNIModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):57344
                          Entropy (8bit):5.261493718458274
                          Encrypted:false
                          SSDEEP:
                          MD5:DE1DD1539164E232DDEC706D223D0244
                          SHA1:5E94DA940D9B508213CB9AD9D26E1D6EEF046797
                          SHA-256:1A3648520D865E747947BB701FC833601943EFA47AC25FB1A3403BAF9B69AD85
                          SHA-512:0A74EB089BCBB043278FD12D4E085C87563C3D38EE78A4F40EB865FF83EAAC06AD3400D85A205B5BD7623772B2B473C29351BAD67073DD26B017038178CA571F
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................!..................... ........@.. .......................@............@.....................................W............................ ......`...8............................................ ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........x...|..........................................................F..(........}....*...0............{.....(....(.....+..*...}.....(........~....(....-..(....+.~....}....*.0.............(........(......*.................0............{.....+..*.0..7.........{......,.+)..}.....{....~....(......,...{....(".....*V.r...p(........}....*:..{....o.....*>..sA...(......*n.~....}.....(........}....*.0.............{....(#.......(......*....................0..q...........<...i.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AnimationModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):145408
                          Entropy (8bit):5.816420219726569
                          Encrypted:false
                          SSDEEP:
                          MD5:A77B120F6EF3602D800ED64EFD7214C6
                          SHA1:ED27BEDE8703AD1F16275BB3CF073560FFEDFE13
                          SHA-256:755210A00063BFAC7D1AECC1386366899DDEC520B7A59333A35D56E5E5B06937
                          SHA-512:27CF071B540B22AAC27135A34379CD050E24A43267FF7B8917CE84660571E86590E42322CB640ED4F75B886F8C138612B09178B8543F016391DED13841DF065C
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w@............!.....0...........O... ........@.. ....................................@.................................\O..O....`...............................N..8............................................ ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............6..............@..B.................O......H.......(...............................................................".(.....*..*".(.....*B.(.......(.....*F.....(....(.....*.0.............(1....*&...(2...*.0.................,.r...ps....z..(,....*....0............(0...t.....+..**...(/....*.0............{/...-..+..{/...(5....+..*.0............{0....+..*.0..+.........(.......{3.......{1.......{2.....+...+..*..0............{3....+..*.0............{2....+..*.0............{1....+..*.0............{4....+..*.0............{5....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AssetBundleModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):20992
                          Entropy (8bit):5.367043605465014
                          Encrypted:false
                          SSDEEP:
                          MD5:E64529FD1863E79DE0BBBAB2B15D331D
                          SHA1:E6EB9483D716D7AB50D098039F3F8D23CDA93B61
                          SHA-256:117C73D2F2D5C1DC305042A4C6234EB6604CCAEF638BA9B59B39CF577CCCED55
                          SHA-512:F72AB2B28A5785C426449A64BE2A1F22316E0D75C4C15065F85D4793394620E2ECA85739F07BC7DEA0A52B00C43F7D73AA1CC1D1B5E69D18504868D50F9DB7E7
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n'.............!.....J...........i... ........@.. ....................................@..................................i..K...................................,i..8............................................ ............... ..H............text....I... ...J.................. ..`.rsrc................L..............@..@.reloc...............P..............@..B.................i......H........(...@..........................................................&.(......*...0............(.....+..*.0...........(.....+..*..0..............j(.....+..*..0..............j(.....+..*..0..............(.....+..*...0..............j(.....+..*..0..............j(.....+..*..0..............(.....+..*...0.............(.....+..*....0.............(.....+..*....0.............(.....+..*....0.............(.....+..*....0..T..............,.r...prM..ps....z.o.........,.r[..prM..ps....z.o

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.AudioModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):57344
                          Entropy (8bit):5.594112129784882
                          Encrypted:false
                          SSDEEP:
                          MD5:89E3062668580F45E34205EB6430BB5A
                          SHA1:F5747EB9ADCE58C7BC89D8BD270D7004A452AD7A
                          SHA-256:D42DAE67434D16375E86D1410D5DE19EB9652BB6A4967B1A4A7A46A52DDABAD3
                          SHA-512:1BD368328B39A2348E2D3942E6994CE1168C382E46B7B88F20023EFF6D0D342714751BF16337356C9394809FE2C23401CC112BED1EAD5D42A201A04984BEBCC4
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....b............!..................... ........@.. .......................@............@.................................<...O............................ ..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................p.......H........<............................................................."..(....*....0...........(.....+..*..0..3........r...p(.....(........}.....(.........,.rB..p(.....*..0...........(.....+..*..0..3........r...p(.....(........}.....(.........,.r...p(.....*..0..3........r;..p(.....(........}.....(.........,.rv..p(.....*..0............(.....*....0............(.....+..*.0..'.......~T........(....t......T.....(...+...3.*..0..'.......~T........(....t......T.....(...+...3.*..0..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClothModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):15360
                          Entropy (8bit):5.194656321973958
                          Encrypted:false
                          SSDEEP:
                          MD5:AFF11CDA61B524A45C4D74698D6009CE
                          SHA1:2E0DBA7BD27C6A28464F6E73DE2129701A6C50C6
                          SHA-256:0D0054A29186E6BAB97F3D87D910EAEF275B1B1947CD6B3DD066AFB2B9FA50DE
                          SHA-512:A73B63A10B86D31F3BA100EFC080BF1F337AEF73D34F1CDC1FFE56AA19651F390F1C15B4B16F05AD5DD3D6198A782E80DA9E9F9721D325D8BD913D12791A249E
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.....4...........S... ........@.. ....................................@..................................S..W....`..............................(S..8............................................ ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............:..............@..B.................S......H.......0#.../............................................................{....*"..}....*..{....*"..}....*J...(.......(.....*J...(.......(.....*.0.............(R....*&...(S...*.0.............(T....*&...(U...*.0............(+..."....0..+...+..*b...-."....+."...B(,....*.0............(8.....o.......o.....*>...o....(:....*.0............(<.....o.......o.....*>...o....(>....*.0............(@.....o.......o.....*>...o....(B....*..{....*"..}....*..{....*>..."...?(G....*....0..........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterInputModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):10240
                          Entropy (8bit):4.788938757984828
                          Encrypted:false
                          SSDEEP:
                          MD5:06C2BC569FC29736D518BF3904064856
                          SHA1:B35528CDFA96E6C30A293F4062CF3A763684F9AB
                          SHA-256:DDE94A7A664619924FF74DF8136E996ABAE44E79DD5915BCC4C60C8794613C50
                          SHA-512:8142B5F61D763D896CCBD6E403B3EA7FD9EFB207E3EF8009D0EE7A351D065490133C57D52DA21A9BA030058DA62C769290A4194054157504FB15DF4702823DD7
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q#/............!..... ...........>... ........@.. ....................................@.................................|>..O....@.......................`.......>..8............................................ ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................>......H........ ..l............................................................0.............(.....*...0.............(.....*&...(....*&...(....*".(.....*.BSJB............v2.0.50727......`...t...#~......|...#Strings....P.......#GUID...`.......#Blob...........W].........3......................................................................................K.............................7...'.......f.....R.......l.................................5...............V.y...V.....V.....V.!...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ClusterRendererModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9216
                          Entropy (8bit):4.658712380387986
                          Encrypted:false
                          SSDEEP:
                          MD5:D71DD876B0D77D734D6C3F18EAE41C67
                          SHA1:CE7A5A4131B089C046C9BBF041D3CE51ADDBB74F
                          SHA-256:AF31C81061AB37EA7250140581AA172387810AB0B2ED2FC206AE6E0036D39F58
                          SHA-512:914FBAE86BB097DB5209A2708B71A455A0EF228363700341DC44FC8E9520BBF62C171C25145823A64E59BA4C89AC92331273C8895F82B81801501D68327BBD7A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....x............!.................:... ........@.. ....................................@.................................T:..W....@.......................`.......9..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................:......H.......\ ..............................................................".(.....*...BSJB............v2.0.50727......`.......#~.. .......#Strings....8.......#GUID...H...8...#Blob...........GU.........3..........................................................)...........O.......................r.................j...v.......................j...............V...............................................P ......l.............l.....l.#...l.V.!.l...).l...9.l.#.A.l...I.l...'.C.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CoreModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):1004032
                          Entropy (8bit):5.736006947891527
                          Encrypted:false
                          SSDEEP:
                          MD5:E75525060ADD29F8BAD5010ABE477A1B
                          SHA1:2885B2D6B1BFC975A5DF649DC187D87304135907
                          SHA-256:E4E4A7F744513BD720193C69747384D6B6A88914775D5F1657F89F33C72EC7DB
                          SHA-512:6EBBDEDEE208D3D66E21C59202610186F52232B690DAA300A6CF8B5BF0AC031884ED53B61EE29D249EA68B9561A8A5FB7AE297DAC20409FF1B9CB0FA0DE15EA6
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.....J...........i... ........@.. ....................................@..................................i..S....................................i..8............................................ ............... ..H............text....I... ...J.................. ..`.rsrc................L..............@..@.reloc...............P..............@..B.................i......H........v..8...........................................................&.(......*.~....*.......*".(.....*...0...........(.....+..*&..(.....*....0............(.....*"..(....*."...........".............~...."...........*..s....zZ.........o....(......*B.(........}$...*..0............{$....+..*".(.....*....0............( ........,..q....s#...z*2.|%...{F...*.0............|%.........+..*....0..M..........|%.............(%....X..s....('.......(......(%...&.(..........()........*...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.CrashReportingModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9728
                          Entropy (8bit):4.67660770432611
                          Encrypted:false
                          SSDEEP:
                          MD5:39232443A68655614C20BC65F553F9F9
                          SHA1:70EF8F9ED652B2E7907A6F27545F7364D4DDD039
                          SHA-256:00D5B8C37A88FF8FC3B0D8794953251609CA2FC7154441D1D87BD9C42D9A50B0
                          SHA-512:DCD17FF7352402772AAE0B9447C4CBE5A9AF623AEE5344C9B3704E6CC27DA1308C725745630033AA80C21B3817A5654E0D9F7B200DBA8DEB8BD7CC57DF3A6D87
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{O.............!.................<... ........@.. ....................................@..................................;..W....@.......................`......L;..8............................................ ............... ..H............text...$.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................<......H.......\ ..............................................................&.(......*..BSJB............v2.0.50727......`...8...#~..........#Strings....P.......#GUID...`.......#Blob...........GU.........3..........................................................................-.6...a.6.....6.....6.....6.........C.........'.'.............v...................................P ....................K.............g........................................... .............*.......y.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DSPGraphModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):17920
                          Entropy (8bit):5.219730575836266
                          Encrypted:false
                          SSDEEP:
                          MD5:BA83B9B3D5E726BB1DF3CEE21585B9A4
                          SHA1:3790B8DF759638F373053AC59D42310344F070BA
                          SHA-256:F31B6399FA169B3973C257C9250A2BEC3734FE1AE85A17B115206D9044958197
                          SHA-512:EFED968B84CDD9EE96FD9DC5AC447AB727A62BDD294D1FF76B7611CB6430636969AD0D51CED3970DB41720E5F262405F3AAC1CC5CFB91C00C5DA0A7B389A1C08
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...[..............!.....>...........\... ........@.. ....................................@..................................\..O....`..............................<\..8............................................ ............... ..H............text....=... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............D..............@..B.................\......H........#..09...........................................................0............{....(.....+..*....0..)...............,.s....z..(....}......{....}....*....0............(....-..+..(....{.....+..*.0..n..............,.r...ps....z.(.........,.r...ps....z.(....{............, rg..p.(....{.........(....s....z.(.....}....*...0..Y...............,.r...ps....z.{............,.r...p.{.........(....s....z..{....}......(....}....*....0..6.........(.........,.r...ps....z.(.....}.....(.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.DirectorModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):13312
                          Entropy (8bit):5.036904544102517
                          Encrypted:false
                          SSDEEP:
                          MD5:C57FA2959D24C25EF617339924008E84
                          SHA1:A54948818E7214964A307116AAFDB763777E9212
                          SHA-256:DEE7F3988A3C3DC9FF6B9B9AAE9F0506C6D90FCD4AFC581F52CAD72CD7539E84
                          SHA-512:EFEA1E8AFCB1CAC08E8812543F9ECC6221897D491AE53A7C23B05A5FCB68E90C1B5557FCEDEFC9217AD9880A3C745C2795116C1CE0A910B70845E071686183F1
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K.............!.....,...........J... ........@.. ....................................@.................................tJ..W....`...............................J..8............................................ ............... ..H............text....*... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................J......H........#...&...........................................................0............("....+..**...(#....*..0............($....+..*.0............(+...u.....+..**...(*....*.0............(&....+..*.0............((....+..**...('....*&..(%....*....0..&..........(......,.r...ps....z...(....(.....*...0../..........(......,.r...ps....z..(.......(......(.....*.....()....*&...(7...**....(8...**....(9...*..0.............(:....*...0..)........{.........(....t......|......(...+...3.*...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GameCenterModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):26624
                          Entropy (8bit):5.4258342958660055
                          Encrypted:false
                          SSDEEP:
                          MD5:1A0D5E7C8FB11AFBA9F20F7C80547BF4
                          SHA1:9FB9BC0262C0F718821148E658C8117427BEA570
                          SHA-256:159F125CABCD385153EADB7647C0FC8AD7F58227367D5605C6188BCD522BEA39
                          SHA-512:D7EA3984B96188EB39E8F94DD4930E9D7DAA973FD29B138B183496517F54D5B93EE5CE4392B9E03C28E0C2046E748611BCD690A73B358C9EB536ABF85F6F3F22
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................!.....`..........n.... ........@.. ....................................@.....................................S....................................~..8............................................ ............... ..H............text...t_... ...`.................. ..`.rsrc................b..............@..@.reloc...............f..............@..B................P.......H....... 7...G...........................................................0...........(*....+..*&..(+....*....0...........(....o-....+..*>.(......o.....*B.(.......o/....*:.(.....o0....*:.(.....o1....*B.(.......o3....*>.(......o4....*.0...........(....o5....+..*.0...........(....o2....+..*6.(....o6....*6.(....o7....*.0..!........~.........,.sq........~.....+..*....0..e.........t........ . ("...}.....(!......ov......ow.....r...po......r...po.......{....o...........,...o.....*...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.GridModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):13824
                          Entropy (8bit):5.071285663779292
                          Encrypted:false
                          SSDEEP:
                          MD5:7B59C0EE5372D9CD63BF08DF2DA407A1
                          SHA1:CB02E2FD44AA2859A7A2A4887079B0C564C03E9E
                          SHA-256:FFDAD551B362C15EC09B5B18F5C135C11CD5EE1B64E54E0B5A792B6A48C52FD1
                          SHA-512:414E9A915F9FF2774CA8574A912D1BCD2479D0656895FCE10A2D60400F96038285AD078ADBE6CD6E304769F3FA88B45234831370B552BDC1D180705A7BD1BD94
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.................L... ........@.. ....................................@..................................K..K....`..............................tK..8............................................ ............... ..H............text...4,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............4..............@..B.................L......H........"...(...........................................................0.............(.....(#...(....(.....+..*....0..#...........(.....(#...(....(....(!....+..*..0.............(.....*&...(....*.0.............(.....*&...(....*.0...............(.....*.0...............(.....*".(%....*....0.............(&....*...0.............('....*...0...............((....*.0..............(.....+..*...0.................()....*...0...............(*....*.0...............(+....*.0..............

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.HotReloadModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):8704
                          Entropy (8bit):4.642133128425003
                          Encrypted:false
                          SSDEEP:
                          MD5:866392913F2906EFB27C39BA7BADF402
                          SHA1:4EE1D5A21312AD902C5498E3D602C56BFB0C2CB8
                          SHA-256:96FCD4AE091F115BC75E1BA2847AC4A8B623F851B7F930F4B7F5D3455C65FA25
                          SHA-512:2A98656FCBEB82B6599608699C78D29DD0E923D62423BD9327FEA3530F00212DBBBE46E97AEDAF5A46D726D8620412FF5A86C067F26B1CEA503EAAB3F816AD7F
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....vt............!.................8... ........@.. ....................................@..................................8..S....@.......................`......88..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H.......P ..............................................................BSJB............v2.0.50727......`.......#~..h...x...#Strings............#GUID...........#Blob............T.........3............................................................w.....>...........M.Q...].g...............................;.)...J.1.....9.....'.3.P...#.7...#.....#.....#.....#.....#.....#.....#.[...#.=...#.)...#.....#.....#.....#.....#.n...#.H...#.#...#.....#.....#.....#.....#.....#.y...#.]...#.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.IMGUIModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):156160
                          Entropy (8bit):5.7641592833623605
                          Encrypted:false
                          SSDEEP:
                          MD5:AAB5929372D5C3F7DBF926DA6773AE8D
                          SHA1:645C25A4ABEC147D97423F4829075BB832BC4E62
                          SHA-256:10FEFEB0CD80584CB71F0B9FC024568AE261662487A0EAF351EBAEF206E05E91
                          SHA-512:0ACD66936F0239EF52555B93E4C68D0EB6B1054D67909A5BECCD1282B60D66E913F4C4007A040139B9848CEB86862823B84DFA832C7D78640A3FAF71F1CF8EAD
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-\.............!.....Z...........y... ........@.. ....................................@..................................x..O...................................Px..8............................................ ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............`..............@..B.................x......H........#..hT...........................................................0.............(D....*&...(E...*.0.............(F....*&...(G...*.0..?........~.........,..s%........~.....o.....~.........~....{....("....*V.(........(....}....*V.(........(....}....*..0..-........(............,.r...ps....z..{....(....}....*....0..:..........{....~....(......,...{....(......~....}........(......*..........01......:.............*..0..&.........{.....{....(......,....{....(......*...0......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ImageConversionModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):10752
                          Entropy (8bit):4.901854295848511
                          Encrypted:false
                          SSDEEP:
                          MD5:3BBC49D3F68F75ED9185EAB4E8EA3763
                          SHA1:F0985463D8D9D312E1170813126724E627587B96
                          SHA-256:A968AE7AFF38CD7B6FA4B7426D080FA7DC95D2897F43641DF13D2FF21FC98C66
                          SHA-512:7C96A5BC79D83B538DBF48E02DAC6D0D4402FD8CD4BA360E75FE60490BD08C3FD130DD990C28D662FED0FF05CF50EAE4143DA134F7D08F3B363AF4BD8F2252FE
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....E............!....."...........@... ........@.. ....................................@..................................@..S....`..............................0@..8............................................ ............... ..H............text....!... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B.................@......H........ ...............................................................0.............K(.....+..*...0.............(.....+..*....0..............(.....+..*..BSJB............v2.0.50727......`.......#~..(...T...#Strings....|.......#GUID...........#Blob...........G].........3....................#.................................:...........`...'.....x.....#...........g.......`.................................S.}.7............. .....9.B...................g.........................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputLegacyModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):25600
                          Entropy (8bit):5.401037820288737
                          Encrypted:false
                          SSDEEP:
                          MD5:DD2E03879D977FECEAB29344E132DAC4
                          SHA1:DEE4BEB1292260DFD3E2DF9B59C3B80EF0AA30A2
                          SHA-256:565C72E9A82DEC16F45F43C97176DC6F8470D38ADCEC78FD146D696420483B49
                          SHA-512:88E40D2214C6D423EE9CDD246BE0C5EFD8FA9B1C24059274EC2C07D641BE302299C8E41583FF109BFF671CAB15EC7605A399C4FDFD608F1744B2962FFDB14E87
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................!.....\...........z... ........@.. ....................................@.................................<z..O....................................y..8............................................ ............... ..H............text....Z... ...\.................. ..`.rsrc................^..............@..@.reloc...............b..............@..B................pz......H...........4K...........................................................0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0..........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.InputModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):4.948256534340357
                          Encrypted:false
                          SSDEEP:
                          MD5:8D99EA6B6F7609F72A2CBAEA3723284A
                          SHA1:F1D75DD8A728B2276CB04696995118DD1AF330C4
                          SHA-256:A7CC5015B925745E009D04DE144E76777A09B62DBB652002C868A54E25F648C8
                          SHA-512:88B8465294D4E81D4E08D4E63563C31EE8D6798E043A0BE33AAA32EF07EE5461F24ADDF0A25582588A49B385B2A14E8142B6DE820C079CD7126D0E77D084F483
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....~............!.....(...........F... ........@.. ....................................@..................................E..S....`..............................LE..8............................................ ............... ..H............text....&... ...(.................. ..`.rsrc........`.......*..............@..@.reloc..............................@..B.................E......H........!...#..............................................................}.......}.......}......}.......}....*....0...........~.....+..*Z.......~.......(.....*&..(.....*.0...........~...........,...o.....*.0..5........~.......(...........,....}......}.....+.....o......*....0...........~...........,....o.....*....0...........~.......-..+...o....R*N..(...+(....(.....*..*".(.....*.BSJB............v2.0.50727......`...$...#~..........#Strings............#GUID...........#Blob...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.JSONSerializeModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):10752
                          Entropy (8bit):4.806089503042756
                          Encrypted:false
                          SSDEEP:
                          MD5:2E1B098C51EF386BD7B509BD5175ADD5
                          SHA1:5EC8AD589650211873FE61DDFB5414EEDF694F16
                          SHA-256:E22BD82A6AC4481DC9886EDF3D0CCAA3F0D925ABE4751CD74A6A46718A69B826
                          SHA-512:385C28732EDAF6B38451CC59517391E03A7E080FF53715487EBC24B4368A2687428E4E9AA27A6679C531A020332389181E2B5C57C5DD147B58C5D2C4BE06DA7E
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....B............!....."...........@... ........@.. ....................................@.................................H@..S....`...............................?..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B.................@......H........!...............................................................0.............(.....+..*....0..N..............,.r...p.+;.u....,..u....-..u..........+..+....,.r...ps....z..(.....+..*...0.................(....(..........+..*..0..i.........(......,...+X......,.rg..ps....z.o....-.......(....o....+....,.rq..p.o....r...p(....s....z...(.....+..*....0..`.........(......,.+R......,.r...ps....z.u....,..u....-..u..........+..+....,.r...ps....z...o....(....&*BSJB............v2.0

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.LouserzationModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9728
                          Entropy (8bit):4.776921608468701
                          Encrypted:false
                          SSDEEP:
                          MD5:7C41DD15E03CCDCA8A236C2EC11572D1
                          SHA1:785FF41515FB06A4A5F8646DD7CCB3C240D2D402
                          SHA-256:5DF505B94A6B9A71A4A9276D309999E226357D7B5FAA891E82E659663DDF5AF4
                          SHA-512:23D00D6771D712BA6AD3E88A11EA4A5783833FC8A4C85992E08D9E7DC5A6B344CCD8765912DEDEE9C9B5A6AB3C068A03376454123FF68A05870AF0014CDD5D1F
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...F.U............!................N=... ........@.. ....................................@..................................<..O....@.......................`.......<..8............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B................0=......H.......d ..$...........................................................B.(.......(.....*...BSJB............v2.0.50727......`.......#~......$...#Strings............#GUID...$.......#Blob...........GU.........3..........................................................3.....................&...........X.......................n.o.....o.....\./.......<.o.........................................P ......V.............................;.............[...........5.r...........G.........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Monetization.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):28672
                          Entropy (8bit):5.476553020358292
                          Encrypted:false
                          SSDEEP:
                          MD5:3F5D39E65FF667042963B5B1487CE07A
                          SHA1:586D6DCDA7F5CE4119B9C09F9AFA476232E15F20
                          SHA-256:8473F0B0CD463156DA89CB901E2BC5DF18160C37D96EB2E7B71E84693DC14403
                          SHA-512:B8D3B98726D6BA2A3F5B5371424657874EE7DD3F60CFF02637CB9614DC245D808E99BFE1E76C417B4CC1B8BEB4B5517817B6E57A1E4C355EBEAEF4B72DA70AA4
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..f.............. ........... ....................................@.................................{...O.......,...............................8............................................ ............... ..H............text....e... ...f.................. ..`.rsrc...,............h..............@..@.reloc...............n..............@..B........................H........;..<H...........................................................0..........~.....(....,k~.....(.........~.....(....,N~....~..........%......(.....o.........~....~..........%......(.....o...........o....(......~.....(....,.~.....(....*.*...........zz.......0..O..........(....t....o.....+...(.......(......(....(....-.....(....-...........o......*.........,?.......0..........(....-..*~.....o....,.~.....o....&.,.~......o.....~....~..........%.~.......o ...&~....~........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ParticleSystemModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):134656
                          Entropy (8bit):5.854778219860477
                          Encrypted:false
                          SSDEEP:
                          MD5:03305FE06D256D2D65B925C0DEFC1087
                          SHA1:688B35553C214624583D0BE9C91C72E4B7746EA6
                          SHA-256:7B91BF10085D2B7D20E3EEF5FF2A995EF709BB82B0ABA68FCFC6C01B629042B8
                          SHA-512:98FD96F2A0B728EFB431B1E03D04A7C8E5421A11BBA151C3CE73A030074CFFC01A849501313170CC4619B589DAF63EA71B25232D67F34E758F036A705AEC0762
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....S.............!................n$... ........@.. ....................................@..................................$..S....@.......................`.......#..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P$......H........h..............................................................0..o...................(........(.........(.........(........(.......(....(.......(....(.........(........(........(\....*.....(\....*..0............(g......(.....+..*.0............(g.......(.....*...0............(g......(.....+..*.0............(g.......(.....*...0............(g......(.....+..*.0............(g.......(.....*...0............(g......(.....+..*.0............(g......(.....+..*.0............(g

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PerformanceReportingModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9216
                          Entropy (8bit):4.7511769344028405
                          Encrypted:false
                          SSDEEP:
                          MD5:B0B798E1D1A702C38860EFDF7C9FD039
                          SHA1:89483A9FEACFBDA6D1363CD1FE3E6E95CA6BCAE6
                          SHA-256:B1D42715A00BD41CEB3C92D732369C2D5EF32676F25D74B860C0FFB1A0DC5F12
                          SHA-512:075827F72F9AEC6DA555B2B6EEE901F7CF26114416539016D2C018255084124085E67A62E167DEC9B1F814D1F756AE32AA2AFEE46EC218AB829239105E47C4B9
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:8.............!................N;... ........@.. ....................................@..................................;..K....@.......................`.......:..8............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................0;......H.......P ..4...........................................................BSJB............v2.0.50727......`.......#~......x...#Strings............#GUID...........#Blob...........GU.........3....................................................................D......./...../...../...../...F.....f.........#. ...........K.......e.................................................................t.......................!...x.1.....9.....A.....Q.....Y.....a.....'.K.....;.....;.....;.w.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Physics2DModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):105984
                          Entropy (8bit):5.6623484884099495
                          Encrypted:false
                          SSDEEP:
                          MD5:61020BE4411F47CDF6D2114227C6BE19
                          SHA1:8FD435F891687742DD73A697EEE33C7258D7B4E8
                          SHA-256:75C2668222878975F38F740E1B28AECC659BA1EE1FB617B13D71339D1864377C
                          SHA-512:AA8FB5E13046E1BD2865160C99AFE7E0762823131C271E9FB8251691C53938204BB72C8A6FF311E508D029D626EECEA8FB016FC0423555AB521FD30514BDC1BB
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../"............!..................... ........@.. ....................................@.....................................K...................................P...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......|r...@...........................................................0..$........r...p......%..{..........(.....+..*.0............{.....{.......+..*.0............{.....{..........+..*..0............{.....+..*.0../.........u............,...+.........{.....{.......+..*..0............{.....{.......+..*.0............q....(.....+..*"..(f...*...0..&.........(......,..q....(.....+.r...ps....z.*"..(g...*..0..'.........(......,..q.....(.....+.r...ps....z.*..0..%........."...."....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.PhysicsModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):87040
                          Entropy (8bit):5.768325766515727
                          Encrypted:false
                          SSDEEP:
                          MD5:401BA50B8360FBDA998F487DED4618A9
                          SHA1:4A4C68711A8DF3D31D338202F5BB0D51442A803F
                          SHA-256:CF946CD516449FE482CDC7EABF307CE75EDE68338281922F6833AD5CF2EFE68A
                          SHA-512:68DF0902EC305E9FEA0B74F804BAABB8F8D2CF21111F09455D44882D76FCE9FA23025F05A3D3EA9F88EE071F7269B78EE0E92184EEE61DFAAAD02CD820B1968C
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?..............!.....L...........j... ........@.. ....................................@.................................hj..S....................................i..8............................................ ............... ..H............text....J... ...L.................. ..`.rsrc................N..............@..@.reloc...............R..............@..B.................j......H........Y.. ............................................................0............{!....+..*&...}!...*...0............{"....+..*&...}"...*...0............{#....+..*&...}#...*...0............{$....+..*&...}$...*...0............{%....+..*&...}%...*...0............{&....+..*&...}&...*...0...........".....+..*..*...0...........".....+..*..0............{'....+..*&...}'...*...0............{(....+..*&...}(...*...0............{'....+..*.0............{)....+..*&...})...*...0......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ProfilerModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):8704
                          Entropy (8bit):4.639149896361788
                          Encrypted:false
                          SSDEEP:
                          MD5:D2DDE3ACCB2691A127D00F593902299A
                          SHA1:35E0570D5DDC87A176A08092CEA852B4641CF23D
                          SHA-256:31479AC33783B7199F69577A1F498EA9C3EAA4A3E18A3193FD64D629CB6C697A
                          SHA-512:C5B59B041B92EE5744A03CADEE964524B7E31AEADB3A36BBAB046673064C87825ECBC816A5421691CAB805AE9A1CD023D40CA42D0C4F59C8EEF1FF2B1F60CEE1
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.../..............!.................8... ........@.. ....................................@..................................8..S....@.......................`......88..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H.......P ..............................................................BSJB............v2.0.50727......`.......#~..h...x...#Strings............#GUID...........#Blob............T.........3............................................................v.....<...........K.P...\.e...............................;.)...J.1.....9.....'.3.P...#.7...#.....#.....#.....#.....#.....#.....#.[...#.=...#.)...#.....#.....#.....#.....#.n...#.H...#.#...#.....#.....#.....#.....#.....#.y...#.]...#.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.Purchasing.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):27648
                          Entropy (8bit):5.413231221565375
                          Encrypted:false
                          SSDEEP:
                          MD5:37E10A47DE856B8CF9C1229AE6E76896
                          SHA1:5D7645535B01877E5DB0CA432708AE7D5DA518AE
                          SHA-256:95971C961681EC6E0D811CD6DD1F3A71C2DA1EAF9A431D61EF1682501AB8E23D
                          SHA-512:E8BB9C458DBF78731C30928B61C68BE1F2071E7F25E232E5450DED05C50C9D66DEBD5BCEB367D8983CF2574B945C8B73C80833D48D5C53527B0811A5EBCE877A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.....d..........~.... ........@.. ....................................@.................................0...K....... ............................................................................ ............... ..H............text....b... ...d.................. ..`.rsrc... ............f..............@..@.reloc...............j..............@..B................`.......H........6..lK..........................................................:.(......}....*..0..E........o>...ol...:....*.{.....o<...oY....o>...on....o>...ol....oE....o(...*....0..r.......s......r...p.o<...oY...o.....r...p......o.....r#..p.o>...on........o.....r/..p.o>...ol...o.......{....rA..p.o)...*J.s....}.....(....*F.{....o.........*..0..(...........8.........{......o......X....i?....*.0..-...........8.........{.....o.....o......X....i?....*..{.....o....9.....{.....o....*.*F.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.ScreenCaptureModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9728
                          Entropy (8bit):4.7569130392603745
                          Encrypted:false
                          SSDEEP:
                          MD5:9C71D2867F211CF8F221F0D65ADA74FA
                          SHA1:64E833F41135D3D0FF6D8F1BD5E73551F739B7BF
                          SHA-256:FFD92FFABDAC34BF7E1C91D865BDE30D7C76A8521C91425EAE3EAA5BCAB6D38B
                          SHA-512:42B29D2056998B278FA3CEADDAB35007265A0412B1658D025436A3C68B0D8CE1C2040BA1CBFFA3355D7DBCBE1A1BD0619B68880F7F098F7E4B2DACC3CCEFE34D
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j..............!.................<... ........@.. ....................................@..................................<..S....@.......................`......4<..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................<......H........ ..l................................................................(.....*.....(.....*.....(.....*.0.............(.....+..*....0.............(.....+..*....0.............(.....+..*...BSJB............v2.0.50727......`.......#~..........#Strings............#GUID...........#Blob...........W].........3..........................................................................7...............]...........>.7.....\.....\...I.I.'.|.....s.\........./...........................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SharedInternalsModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):19456
                          Entropy (8bit):5.283665597102823
                          Encrypted:false
                          SSDEEP:
                          MD5:C7244F5E3455B0E21D53E346F5A38767
                          SHA1:94B86941348AD595CFC14370289E4F2CCCCE5789
                          SHA-256:A5042692910E427394029446A2BD552BE13B35940DB779C5D50F8A8A3A495413
                          SHA-512:D0291B43CFC066549A5352BB40F21FEB29E6717948C1F1288B91D19428B2B12983D3B1C085146EFB9260F63BDF2BD677514DDD6EBF48D8F5617AAA2F6217BDD2
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i.............!.....D...........c... ........@.. ....................................@..................................b..O...................................Db..8............................................ ............... ..H............text....C... ...D.................. ..`.rsrc................F..............@..@.reloc...............J..............@..B.................b......H........&...;............................................................{....*..{....*^.(........}......}....*&.(......*B.(........}....*".(.....*..{....*"..}....*..{....*"..}....*..(........(......r...p.(....(.....*f.(........(.......(.....*.0...........(....o......(.....+..*".(.....*..{....*"..}....*..{....*"..}....*..{....*"..}....*f.(........($......((....*F.(........((....*J..(*.......((....*N...(........((....*J..(*.......(&....*..{....*"..}....*...0..C........(......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpatialTracking.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):10240
                          Entropy (8bit):4.964106092176948
                          Encrypted:false
                          SSDEEP:
                          MD5:AB378C3491E7B987A241BCE6B08B6D54
                          SHA1:D968DCECC286C8C6BE538759590D96597F2EFF4E
                          SHA-256:64B61C42A8802E9F3FA75E970017562563993F8E6AAF6E35DAB462B26A44D9FC
                          SHA-512:D085B38519B0EAA68B0BA17AB87B53299D3C4030AE7352B9151D135F20FECE4302598AFE0A0F11A1C5506CC8B24AB7FA8F89522B8925FBDC211E5263497F3770
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.. ...........?... ...@....... ....................................@.................................7?..O....@.......................`.......=..8............................................ ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B................k?......H........&................................................................(....*.0..........s....%..........s....%r...po....%r...po....%r'..po....%r]..po....%rg..po....}......s....%.o....%.o....%.o....%.o....%.o....}.....o....%..........s....%r...po....%r...po....}......s....%.o....%.o....}.....o....%..........s....%r...po....}......s....%..o....}.....o.........*....0..}.........~....(....~....o.....+<..(.......(.....3*...|....(....,...`....|....(....,...`....&..(....-.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteMaskModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):10240
                          Entropy (8bit):4.722566094452697
                          Encrypted:false
                          SSDEEP:
                          MD5:24F78841E6ACE2EDBAC7204E7DB5924A
                          SHA1:F062945FA83F07957672D1E2141284CE3AEE63C9
                          SHA-256:F3A2E70054F2A878C20236C0129F86D03ACB900667B57115311AAB1F1CF5B7C7
                          SHA-512:3D94ED5DB6DDB1B111498205E76054811619B8816733B61BBE19A0CA847FEB8A3477B81C533048AE801797CFE3C8C4032BE71F11A3CB83541626101089CB2DE8
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...DR.............!..... ..........N>... ........@.. ....................................@..................................>..K....@.......................`.......=..8............................................ ............... ..H............text...T.... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B................0>......H.......p ...............................................................0.............(.....*".(.....*.BSJB............v2.0.50727......`...p...#~..........#Strings....\.......#GUID...l.......#Blob...........GU.........3..............................................................6...........................'.................M.....}...........9...+.......a....._.......y.....................................8.............P.......................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SpriteShapeModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):13824
                          Entropy (8bit):5.184997906156165
                          Encrypted:false
                          SSDEEP:
                          MD5:102F685E86C2C117FE1D3143FA694C7A
                          SHA1:728800E726552E780E226B56694DABCD659A265E
                          SHA-256:615F52D0FEA434AE699F936CE9CB37B8D1CEB01EDF05BBACF4386A263B37C8B3
                          SHA-512:0561D9EB2082613A980573180653EA9C4048AE534512E9E4B8D02C2742920BAC3EF24F4CAE33463029A2FA3AF528C1B907961E6DB30AAE17E1FFFE26E5E12FE1
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=..............!.................M... ........@.. ....................................@.................................LM..O....`...............................L..8............................................ ............... ..H............text....-... ...................... ..`.rsrc........`.......0..............@..@.reloc...............4..............@..B.................M......H........#...)...........................................................0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0.............(.....*&...(....*2......(....*....0..$..........(.......(......(.....(...+...+..*.0..4..........(.......(......(....X....(......(....(...+...+..*.0..............(.....*..0..............(.....*..0.............(...+.+..*....0.............(.......(...+

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.StreamingModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9216
                          Entropy (8bit):4.797836458189078
                          Encrypted:false
                          SSDEEP:
                          MD5:072BDAE75A12C5C0FE5D7DA2678F98C0
                          SHA1:C7C96DDF14529EB28493BCDFDD9287FEBAEC33CB
                          SHA-256:362737FF4E081D8FF09C806204A2057E4C8C9CA6AB2F982256620C3A94AC3D7D
                          SHA-512:566E3834157611A37048DE9053BAC4C0F4F52B967C39B37C0C4D37B0C43833E8A01A6E2E4C13C61BF28CCE0C3DCEDF38D9D5A46D8AB5D24F5927CFA36B64090C
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..............!.................;... ........@.. ....................................@..................................;..O....@.......................`......,;..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................;......H.......\ ..............................................................".(.....*...BSJB............v2.0.50727......`.......#~..p.......#Strings............#GUID... .......#Blob...........G].........3..............................................................P...........o.....o...J.o...{.p.....5...................#.&...........s.o...........................o...........................................B.............$."...........5.&...P ........"...................[.....w...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubstanceModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):13312
                          Entropy (8bit):5.090471423205964
                          Encrypted:false
                          SSDEEP:
                          MD5:5D496EDEF09850FFC1FD1311CACDAA88
                          SHA1:5C41AC4FAD762D9733645CD8ABD30099460A833C
                          SHA-256:89F91A81EDF3FBD4F370201424B69F3ECF8FB26C7D84DB9E7460421D8287CE70
                          SHA-512:8ECBBC30113E9FFB19AF0D2343702833E748C04248644D56AEEF7BE9E5B7C5F9882B3F45178700D30C5EEF426096981F2149CA6B82D1CC4716CCF7928A9F475B
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.....,...........K... ........@.. ....................................@.................................|K..O....`...............................K..8............................................ ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B.................K......H........ ..x*..........................................................2.r...ps....zB..(......(.....*".(.....*".(.....*N.(......r...ps....zBSJB............v2.0.50727......l...4...#~..........#Strings............#US.T.......#GUID...d.......#Blob...........W].........3................4...4...%.......%.............................................T.........3.T.....T...D.T.....T...[...........t.......T...2.....W.......T.....T.....q.....q...G.Q.G.........q.....T...-.......;.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.SubsystemsModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):16896
                          Entropy (8bit):5.278764695046676
                          Encrypted:false
                          SSDEEP:
                          MD5:0E5F14FB3691087FA7250AB313B6F535
                          SHA1:97DAF902F07791F62B3E1C982A900DA01B3B793B
                          SHA-256:382FF04D23DA21E55FF654BCAF5FC4DCA699C9FD69166BDC82007B5D5A403DD4
                          SHA-512:3ED9E03072C20C2211FD2D721D9337D3E739F0EAB13701F8311C233CB188C5AE5E8E3238EA02B0F34536207533283ECD2413F2F855E9AA523ACB55A26EA49A49
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.Q............!.....:...........Y... ........@.. ....................................@..................................X..O....`..............................XX..8............................................ ............... ..H............text...$9... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............@..............@..B.................Y......H........)...............................................................0............{....(#....+..*....0............{.....+..*&...}....*...0............o.....+..*".(.....*..{....*"..}....*..{....*"..}....*..0............o.....+..*.0............(..........+..*....0..:.........{....(".....(.....................,.........}.......+..*".(.....*..0............(..........+..*....0..Y.........(....u.....................,....+3..(....(....u.................}..........(.......+..*".(

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TLSModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):8704
                          Entropy (8bit):4.631531242456487
                          Encrypted:false
                          SSDEEP:
                          MD5:662008465FDCE51AB1CF16D4FCD9A4F5
                          SHA1:D8B69ACBD6B5ED32B4EDD7C913F1CE3997EC6003
                          SHA-256:5D53E538A9DF6EF5CE2B0FA6A2185BD97EC30A137F3827002527821021E68EE4
                          SHA-512:62F17360074146217907EE63745BBF8AAE6C4A386C8762C98AB315D47AAE367FD0CAE56141D39C191D7F04A070D0CCF18562422C9F10BF01EC5871219EF68834
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....e............!.................8... ........@.. ....................................@..................................8..S....@.......................`......,8..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H.......P ..............................................................BSJB............v2.0.50727......`.......#~..h...l...#Strings............#GUID...........#Blob............T.........3............................................................q.....2...........A.K...W.[...............................;.)...J.1.....9.....'.3.P...#.7...#.....#.....#.....#.....#.....#.....#.[...#.=...#.)...#.....#.....#.....#.....#.n...#.H...#.#...#.....#.....#.....#.....#.....#.y...#.]...#.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):80384
                          Entropy (8bit):5.793000135614567
                          Encrypted:false
                          SSDEEP:
                          MD5:C48769CE9D096B7CDAE06B8D503D1011
                          SHA1:7E2889F43ED8D7F93A1D78D9662E0E12887B1DA2
                          SHA-256:E7E1F9DC050D6744640D707EF8413FC076FC741F3DB4E715EBE8A2F6E4AE2995
                          SHA-512:E3A21C7BE0398172BC1BB8EEF1319FA57D352670EA3B6FA60B78047375507D3B700EB40E13EB5B11F0A35BBDF4E67866C926B7DD4BABF24AA991A07873169C84
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....g............!.....2...........Q... ........@.. ....................................@.................................tQ..W....`...............................Q..8............................................ ............... ..H............text....1... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................Q......H.......0q...............................................................0.............(d....*&...(e...*.0.............(f....*&...(g...*.0.............(h....*&...(i...*&...(j...*&...(k...*.0.............(l....*......(m...*...0.................,.r...ps....z..(A....*....0...........(D...(.....+..*.0...........(D...(.....+..*.0...........(G...(.....+..*.0...........(G...(.....+..*.0...........(J...(.....+..*.0...........(L...(.....+..*.0............(.....+..**...(.....*..0......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TerrainPhysicsModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9728
                          Entropy (8bit):4.678842139407753
                          Encrypted:false
                          SSDEEP:
                          MD5:DB2DCC01ADB41ED5ED5C618A8126F133
                          SHA1:D197C0FB29DB40F462423CB8629403A9D242C7E7
                          SHA-256:18FCF064AC183A6A19163B717808562F23265C5062D67706C43D48CF837BE40F
                          SHA-512:AB014FCA69A8FC0803C0621F5502B53C1AE712814889381970A19CCDEB705A0EA2732901FE8499DEBA9C595947751BC025CF2A3B947421C1F65C7DBF0B2379B7
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....a.............!................N<... ........@.. ....................................@..................................<..K....@.......................`.......;..8............................................ ............... ..H............text...T.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B................0<......H........ ...............................................................0...................(.....*.0.....................(...........+..*".(.....*BSJB............v2.0.50727......`...`...#~..........#Strings....P.......#GUID...`.......#Blob...........GU.........3....................................................................................H.....[.....@.(...V.....v.........#.......$.....c.......}...................................................&.....P ......S.....l ..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextCoreModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):181248
                          Entropy (8bit):5.931143089477798
                          Encrypted:false
                          SSDEEP:
                          MD5:0C24029393FE6AE472EFE9B5278D53B5
                          SHA1:00D9BFFF8629A844A3B0B297E3A438B31642BF94
                          SHA-256:61D078536778405B93EFA52FB91695D6DDFA0F20634A15C7C83F02416E27990B
                          SHA-512:2BE7CEB82CC7FF59BE0CC8177CF6F32662583098C0EB61B51DFF3DCCDC681CA7998653FE68EA49DDD067F53D2EF06BFEC17F66C60ADB9690472E62DFBEF1B19B
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................!..................... ........@.. ....................... ............@.................................h...S.......................................8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H............!..........................................................r.(........}}...."...?(.....*..(........}}.....(.......(.......o....(......"...?(.....*..0..A.........{.....{....3,.{.....{....3..{.....{....3..{.....{......+...+..*....0..3.........{.....{....3..{.....{....3..{.....{......+...+..*..0..S.........{.....{....(....,9.{.....{....(....,&.{.....{....(....,..{.....{....(....+...+..*..0..@.........{.....{....(....,&.{.....{....(....,..{.....{....(....+...+..*.0..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TextRenderingModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):27648
                          Entropy (8bit):5.457732588296837
                          Encrypted:false
                          SSDEEP:
                          MD5:4888E5FED96E21D7939BB23D06D7843D
                          SHA1:235222BDD53BB40CC3551FEBC73863CFCFB929DA
                          SHA-256:A92759E1F33D8146A64764218B39B5511B0467B8DA6A64DA745CC1A856D5A0C8
                          SHA-512:D190082F81A2C7D6EE44829E35D6EB27CF4D10E004C78C1080FD205BE597D16C06DED8D7B117D7B2E603EBCB90B3BB894340038798E98FA6F99135B8331FC952
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....l.............!.....d.............. ........@.. ....................................@.................................x...S.......................................8............................................ ............... ..H............text....b... ...d.................. ..`.rsrc................f..............@..@.reloc...............j..............@..B........................H.......`2...O..........................................................2.r...ps....z....0...........(.......+..*".(.....*...0...........(.......+..*....0...........(.......+..*....0...........(.......+..*....0...........(.......+..*....0...........(.....".....+..*....0...........(.....".....+..*....0...........(.......+..*....0...........(.......+..*....0...........(.......+..*....0.. ........(....."...."...."....s.....+..*.0...........(....."...."....s.....+..*".(.....*.0..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.TilemapModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):25088
                          Entropy (8bit):5.466417424206341
                          Encrypted:false
                          SSDEEP:
                          MD5:539CA507EB8B1ADF09CA1CEAC470D665
                          SHA1:A8DAEEA90BB43AD2A869AE15AC766A0326E7AD29
                          SHA-256:1ADFD8AEF8023D7494B1CBA8955B9D8CB45A8665799D9BD87BE2D6D6AF55EEC2
                          SHA-512:A4F2C7DBCCB0FCFF20686100A5ED8B51BF5260CD27C56A73EA70274B48D27234E90D484C9DA944008F8B76DBA8FD5CDD9874C5AF2E267577E92BC3F584CBC462
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Y..............!.....Z...........x... ........@.. ....................................@.................................dx..W....................................w..8............................................ ............... ..H............text....X... ...Z.................. ..`.rsrc................\..............@..@.reloc...............`..............@..B.................x......H........+...L...........................................................0............{.....+..*.0............{.....+..*.0............{.....+..*.0............{.....+..*..(........}......}......}.....r...p}....*..(........}......}......}.......}....*..*.0..q..........(.....+U...(.....+5...(.....+........s....o........X....(........-....X....(..........-....X....(..........-.*....0..q..........(.....+U...(.....+5...(.....+........s....o........X....(........-....X....(.........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UI.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):224768
                          Entropy (8bit):6.016829607507157
                          Encrypted:false
                          SSDEEP:
                          MD5:30738D4493FE38C0F227593BB9EA6BD9
                          SHA1:F8B4F0D6F87D5567753CD267EC94B1D5714CB54F
                          SHA-256:98555F9093E8407AF12FB87EB9E300055AA09A51E0BE5101F67E11A5E9BC5202
                          SHA-512:D6BF7CF9D91660FA3854C40040D5F4D6FD3F4FF15D667996202A60EEDA5378602C7F1AA18488266AD2B8DD31D78F46B915C97621221438F3069DB9C407F47700
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..f............... ........... ....................................@.................................[...O.......................................8............................................ ............... ..H............text....e... ...f.................. ..`.rsrc................h..............@..@.reloc...............l..............@..B........................H...........P.............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..r...p}.....r...p}.....r'..p}.....r7..p}.....rI..p}.....(-...*J.s....}.....(....*..{....*"..}....*..o....,..o....-.*r[..p.(.....{....o/...*B.o....,.*.(....*..(.....o....,..o....-.*...o......(....(0...&*:.s....%.} ...*..0..b..............%.ry..p.%.r...p.%.r...p.%.r...p.%.r-..p.}.....s1...}.....s1...}.....(-..........s2...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIElementsModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):724480
                          Entropy (8bit):5.896261196812473
                          Encrypted:false
                          SSDEEP:
                          MD5:46B3850ECFB6FCCE4640AE81AA873263
                          SHA1:7135174903DCCA5C0756CD87EBE6EDDDCFBAC4E6
                          SHA-256:531B11695DFDB15B61E2F7BFDEAE9B3CF72FABC5D4E36D13A8BC0BFA1B0BCBDD
                          SHA-512:7B147355F6B53F51DD3B64057BCEC4C30D69946EF35A3E45A6630D7A7E38DF84F2E99EA1F9CE28648780FBA35E3C770B9B2EECAD10B2E0A943872AA9E37A2B2A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.................#... ........@.. ....................................@..................................#..W....@.......................`......0#..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H....... ....0...........................................................0......................}P......}Q.....+..*".(.....*.0..0........(........}.....{....~....(......,..r...ps....z*:.(2...(......*..0..4..........(....~....o....(......,...(....(3........(......*........*+.......0............{.....+..*.0............{.....+..*&...}....*B..{......(7....*..0............{.....(8....+..*...0............{....(:....+..*>..{.....(9....*>..{.....(;....*....0...........(6....+..*:.~..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UIModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):22528
                          Entropy (8bit):5.47578626959673
                          Encrypted:false
                          SSDEEP:
                          MD5:3DF3EB56972FE0A07F78B1F51CC6DD25
                          SHA1:1592477D4392E61722592EA2F382414C755C4B26
                          SHA-256:4878DA3B2E3615C65599C6B0D9353EEAC6DCE798C14E4DD9F73825C246A1AEAA
                          SHA-512:20A92EF3A8B2175191B5199C698C3441BD0DC4C65AC638A1CF44CAFD02803FB6AAA1D8C1C5858C187F008B4C3E9919CF7E3D25F3617E42D0BEAA5437FF1450EC
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V............!.....P...........o... ........@.. ....................................@..................................n..O...................................Pn..8............................................ ............... ..H............text....O... ...P.................. ..`.rsrc................R..............@..@.reloc...............V..............@..B.................n......H........)...D...........................................................0............(.....+..*".(.....*..{....*"..}....*&...(9...*.0.............(:....*&...(;...*.0............(....{.....+..*....0............(........}......(.....*.....(....(....(........( ......($....*.0.............(!....+..*....0.................s....s..........(.....*...0.........................(6.......(5....*..0.................s....s..........(0....*...0...........................(7....*.0..........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UNETModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):77312
                          Entropy (8bit):5.7304434013412315
                          Encrypted:false
                          SSDEEP:
                          MD5:462E7AEED593264DEBAEA5EED7587378
                          SHA1:0B19EB881BF99EA65C1ADA39A7CA8AECCFD4BF77
                          SHA-256:F2BE799C58E5288C11F871B5762FB9C003A28C5AF279D3ECC2CBB27031CD7C5A
                          SHA-512:31C9553861AC0952686F8DE7890D4B9C2BE7635F8079105EF616CEF736940E3837787ECB6DBD148E6FB7D52252BD4E3E8FC37A36B1DE682018D6921678356B85
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................!.....&..........nE... ........@.. ....................................@................................. E..K....`...............................D..8............................................ ............... ..H............text...t%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............,..............@..B................PE......H........a...............................................................0..H.........o....o....r...p(......,(..o.......o....-....o.......+....,...+....+..*.0.............R......%.....(...........,.r9..ps....z.o....o....rg..p(....,..o....o....r...p(....,..o....o....r...p(....+....,.r...ps....z.o....o....rg..p(......9r.........o...............,.ra..ps....z..o........o...............,.r...ps....z...o....-....o.......+......,.r...ps....z...o.......3,...o.......3....o.......3....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UmbraModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):8704
                          Entropy (8bit):4.631705607827709
                          Encrypted:false
                          SSDEEP:
                          MD5:C6C563FE2F265E1B88AA709D8F618B20
                          SHA1:966ACD29DA9380948D4089D37ED4B7E4EEE1C834
                          SHA-256:8BC8AD3EE7D4ECE7648AA54A17DA2F23873C2408D1EFF2C8674211893859225E
                          SHA-512:48594357BC67D1DB6ACA220ED1D695DC803904DF91D7B78C862976E2CAC10156BD9005E872E5BE1DE25D53F39B82006FAC37A5C011E2491F45EE16650E305EC2
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>.............!.................8... ........@.. ....................................@..................................8..O....@.......................`......08..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H.......P ..............................................................BSJB............v2.0.50727......`.......#~..h...p...#Strings............#GUID...........#Blob............T.........3............................................................s.....6...........E.M...Y._...............................;.)...J.1.....9.....'.3.P...#.7...#.....#.....#.....#.....#.....#.....#.[...#.=...#.)...#.....#.....#.....#.....#.n...#.H...#.#...#.....#.....#.....#.....#.....#.y...#.]...#.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityAnalyticsModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):32768
                          Entropy (8bit):5.523274417136151
                          Encrypted:false
                          SSDEEP:
                          MD5:535BE0CA020B595292E497A2417A359E
                          SHA1:E3DFFCD879607D6047DB6F69971376D7EDA2CD1D
                          SHA-256:105E282310F7CFBECE9428D2DA921ABF8DACFF2736BD11741C8676E3F2907903
                          SHA-512:EB85817116663A077DCA570E58EC16A636E568A4E0DE51EB54EC4CFED1C2AA7B5BD677D302942777AC84DBA9E18510C431127BAE7D0FFA71CFCF04F43BB0C373
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................!.....x..........~.... ........@.. ....................................@.................................,...O.......................................8............................................ ............... ..H............text....w... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B................`.......H........9..,]...........................................................0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0...........~...........,..o#....*..0...........~...........,..o.....*..0...........~..........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityConnectModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):10752
                          Entropy (8bit):4.720872616882245
                          Encrypted:false
                          SSDEEP:
                          MD5:BB82D3EFC2BE9C2F1E3ED108E09D2768
                          SHA1:0812B18B4BCA385B4A8FF8B7776E6FCB74EB1D56
                          SHA-256:95932F54DB322A128624EE194B8B488B36CA06F891356837F4F2FD18501C866E
                          SHA-512:F1C3BACDBF975C5DED5EE0FAFB23058B54322833191C37247E04ED6500E52D588AB5ED1E6290126FECED2E22A094ED1BA0A0E95FC45F4CB5AC3FE6838D735283
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'............!....."...........?... ........@.. ....................................@..................................?..S....`..............................4?..8............................................ ............... ..H............text.... ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B.................?......H.......p ...............................................................0.............+..*..*".(.....*.BSJB............v2.0.50727......`...L...#~..........#Strings....X.......#GUID...h...\...#Blob...........GU.........3........................................................................g.y...8...........`.y.....................g.................L.../.......r.................................&.L...........7.n.!.............S............._.....P ........ ...c ......@.h.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityTestProtocolModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):8704
                          Entropy (8bit):4.657192436296583
                          Encrypted:false
                          SSDEEP:
                          MD5:199C6115E583CFDAF38D7EE62BFD58CD
                          SHA1:5D8ED321A335D1C3917C44C632B294064D6B6414
                          SHA-256:989F7412F3607DCE587C70596F1A95D8BC5BF5579B46EAE97E775635233DDD29
                          SHA-512:F5A35B3BE9C03D93E6CD03110832E2214EF4D6199D0E06F9B79CE9B10ABAD01EDAAF41460391CE7AC0ECAEA8E7BB7FEE9DDFC743F3552667677AAD9482E2F9C6
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.............!.................9... ........@.. ....................................@..................................8..K....@.......................`......H8..8............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H.......P ..............................................................BSJB............v2.0.50727......`.......#~..h.......#Strings............#GUID...........#Blob............T.........3..................................................................N...........].Y...e.w...............................;.)...J.1.....9.....'.3.P...#.7...#.....#.....#.....#.....#.....#.....#.[...#.=...#.)...#.....#.....#.....#.....#.n...#.H...#.#...#.....#.....#.....#.....#.....#.y...#.]...#.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAssetBundleModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):11776
                          Entropy (8bit):4.829909598165188
                          Encrypted:false
                          SSDEEP:
                          MD5:9AF8BA7CD8EEB03180E99931BF12481D
                          SHA1:C16E8BB7884FA883A6C0535DB209562EACFFF1B8
                          SHA-256:FC311180D0D8961B2E49F5D066A8F45318541EE73A28C74EA1A544814029FD24
                          SHA-512:7B75C396666F73ABE7B5DFF19F09803CAAB190E7E82DAB0437B02B6CB2C4997C6F8F7AFDB6BE6D1E32705754B2E0D9D6F81E6D351D49661049FA2662769F72CE
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................!.....&...........D... ........@.. ....................................@..................................C..O....`..............................HC..8............................................ ............... ..H............text...$$... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............,..............@..B.................D......H........"..t ...........................................................0.............(.....+..*....0.............(.....+..*....0............r...p..s.....s.......+..*..0.. .........r...p.o.....s.....s.......+..*.0............r...p...s.....s.......+..*.0..!.........r...p.o......s.....s.......+..*....0............r...p...s.....s.......+..*.0..!.........r...p.o......s.....s.......+..*....0............r...p...s.....s.......+..*.0..!.........r...p.o......s.....s.......+..*6......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestAudioModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):11264
                          Entropy (8bit):4.888220004155921
                          Encrypted:false
                          SSDEEP:
                          MD5:7EA0C20BBFFD73FC9B51DF6650C770FD
                          SHA1:CBB499C33218AB78B0555859E86DCF30A4B171B2
                          SHA-256:FAC94C3B255CB69883459E88CCD0A4BD1D47D35C41F4D880FDE3043FC1EE710F
                          SHA-512:9897B72AFC15C0F74175A93000BA1D8E25BC47E31B4F5B05FE3036841DA6994B22975BCB97D9B61E98720F5827FCB184ACCEE4864AF2218995FB077D92DC0E3D
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(.............!.....$...........B... ........@.. ....................................@..................................B..O....`..............................0B..8............................................ ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............*..............@..B.................B......H........!..\ ...........................................................0............r...p..s.....s.....+..*....0............r...p..s.....s.....+..*....0............r...ps.....s.....+..*..0............r...ps.....s.....+..*B.....(....}....*J.(.........(.....*^.(........o.....(.....*..0............(.....+..*2.r...ps....z....0............(...+o.....+..*B.(.......(.....*:...(....}....*....0............(.....+..*2.rg..ps....z....0............(...+o.....+..*...BSJB............v2.0

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):43008
                          Entropy (8bit):5.513954349875526
                          Encrypted:false
                          SSDEEP:
                          MD5:B59A636B84F3BBDA0F02A210A7FD20BA
                          SHA1:98DB323CD14820708D4007F92C8652ECFEDA65FA
                          SHA-256:E18B6150B7FD2A1D30720ED25A1145007F26D3822E4E53803821F190D6E79AF0
                          SHA-512:8DCA0FCFC8BEFD836A62C689068E656033D0D51AEA291CC6BF39A7AF827D68B90CA82368D235FE1B4FAE3E3001B6FCEC5C7B1DDD4EF341A3AB9D6DDD9883CE43
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... .............!................n.... ........@.. ....................................@.....................................W.......................................8............................................ ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........N...o...........................................................0..U..........o...../....,...s.....+...s......o........,..o......+...s.......s......o......+...*....0............(........,.r...p..8.......s.........o...../......,....s..........(....,.~.....o....+......,...o....r...p.(..............(....,...o...........+......,..s...................(........,....s..........&..z...(......+...*.........w.+....................0............o......,x..o.........,..o......8..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestTextureModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):10752
                          Entropy (8bit):4.790009420620424
                          Encrypted:false
                          SSDEEP:
                          MD5:9E5BBFBA48BD38730FD1AEFEA28799B1
                          SHA1:6E123C4DE3FFE10C9E835C7CF1351C80AFC2D3EE
                          SHA-256:DB6B311F6B8DF73E6C61391FC0F9550FB7120D1DB8A7C19DAF07955EAC511B40
                          SHA-512:0B267E2EC3A91E8D8A23D29A14DDDF7E26D109B3BBCDAC3B8079E34E1ECE8E29CD0F97B9A0BBE46C0264C99B54A40EB680016BB0F5A8BB1E2DA125E08008E7ED
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;)............!....."...........@... ........@.. ....................................@..................................?..W....`..............................T?..8............................................ ............... ..H............text...4 ... ...".................. ..`.rsrc........`.......$..............@..@.reloc...............(..............@..B.................@......H........!..h............................................................0.............(.....+..*....0.............(.....+..*....0............r...p....s.....s.....+..*..0............r...p....s.....s.....+..*>....(....}....*F.(........(.....*n.(........(..........}....*....0............(.....+..*.0............(.....+..*.0..v.........{......,;..{.....(......,'....s....}.....{.....o.....{....(....&..+%.{.....(......,....(....}......}......{.....+..*...0............(...+o.....+..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.UnityWebRequestWWWModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):19968
                          Entropy (8bit):5.397341103806931
                          Encrypted:false
                          SSDEEP:
                          MD5:134727DF7494B707EE9076A70AB8E8D1
                          SHA1:AF84AEAF4508922E3EB37403B76C824CC0E10BCC
                          SHA-256:C848FE6072994DEF748F595806497E14D55D8C42828F8D9D13D196CD5A4AB98C
                          SHA-512:755DA2C1E6728F5BFDB9B05A8D43357AFB377D74EB8D78AE7D226892C048ECEDDE010C269FDC6D5B661E2EB3F6B090A9B0667B2BC3962ECF360221BFB912CCB6
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....C.............!.....F...........e... ........@.. ....................................@..................................e..K...................................$e..8............................................ ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H........+..x9...........................................................0............(....(.....+..*....0.............(.....+..*....0............(....(.....+..*....0.............(.....+..*....0..............(.....+..*...0.................(.......(.....+..*....0..............(.....+..*...0............r...p..s.....+..*..0..............(......(.....s.....+..*..(........(....}.....{....o....&*..(.........(....}.....{.....o......{....o....&*....0..d........(........r...ps....}...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VFXModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):38400
                          Entropy (8bit):5.607104154919721
                          Encrypted:false
                          SSDEEP:
                          MD5:C635FB5F262C37E3EFDEF446EDE8A503
                          SHA1:FCEFC748FE93271E9297DD57258152588585CB14
                          SHA-256:C372A2FB3DE51A0EB303AE233A685462B6039D9A79B83651DEC352D94BC53923
                          SHA-512:2E4DAC62BC9B479BD444B5D525760B7874CAA6504A4F25FC2E1A8705F445D840CF1BD559E13942968B59BE69A9EF112D513517534FF1D27AAAF87CB9340409DE
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................!.................... ........@.. ....................................@.....................................S.......................................8............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........0...|..........................................................z.(........}......}......}....*B.~......(......*.0..;........(............,.r...ps....z.(....}......{....}......(.....*..0...........(......s.......o.......+..*.0............{.....+..*.0..A.........{....,..{....~....(....+....,...{....(.......~....}......}....*....0.............(........(......*................B..(......(.....**....(>...**....(?...**....(@...**....(A...*....0..............(B....*..0......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VRModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):34304
                          Entropy (8bit):5.561644675361123
                          Encrypted:false
                          SSDEEP:
                          MD5:3FFB9440F978D05BB15FAC4A76908ABF
                          SHA1:6C2748FE19CDD8D4CDDD1DA11684C28A07CB3EAF
                          SHA-256:5466C7E93A288A94DDC9753C75906738AFFD142060ECB353FF2BA191E290BDB2
                          SHA-512:5AD9A134AC2E8293FFE437D9AB2D7E36C0CD3BBC30BF935038460AFE322663694ABAD57BB2957FD516A0FB0384C13BEFAC5867098CDC9CD73208DC06FC64E5BE
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....T.............!.....~..........>.... ........@.. ....................................@....................................W...................................x...8............................................ ............... ..H............text...D|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................ .......H........(...r..........................................................".(.....*......(....**....(....**....(....**....(....**....(....**....(....**....(....*..0.............(.....+..*....0.............(.....+..*....0.............(.....+..*....0..(..............,..r...ps....z.o.......(.....+..*.0............(<....*....0...........(1....+..*..0..0........."....2.."...?..+....,.r...pr...ps....z.(2....*J.......%...(9....*..0..'.......~.........(....t............(...+...3.*..0..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VehiclesModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):5.021213165355612
                          Encrypted:false
                          SSDEEP:
                          MD5:C3D47F27C1870E6C437EC464171DB5ED
                          SHA1:96947146B776CCAE2814240EB9DB5937A0B2229B
                          SHA-256:5FF2E0DF314B22FAE3128D6B468E84CDBD2239A92953FA039AAC1A5E5B495AA3
                          SHA-512:754DAD6C4E08B076935CA015540A62360CD60E0E59B983404C76E1255F83DA025D72CD0C9E957D0B735293B521F2D8BF7669BC2F5C7AD98778D27B26721108E1
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....E[............!.....(...........G... ........@.. ....................................@.................................dG..W....`...............................F..8............................................ ............... ..H............text....'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc..............................@..B.................G......H........!...$...........................................................0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0............{.....+..*&...}....*...0.............(0....*&...(1...*.0.............(2....*&...(3...*.0.............(4....*&...(5...*.0.............(6....*&.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.VideoModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):28672
                          Entropy (8bit):5.428838829938493
                          Encrypted:false
                          SSDEEP:
                          MD5:83B78F78B657DF69FB750C1281A88C7A
                          SHA1:F6C8A5D9A56E5A1A4978F4E19948075D36D39BA1
                          SHA-256:0AE979A0291602D0823851D4AFE1B93A8C5CFBF61249B8E3E3675F43A2386768
                          SHA-512:04777F6DCFDE0AD0956EF96FAD351B6A5AE3C90E2DCCCABC00FF391F29DE02BF172FFE8C35C85B54C6CE044B147824AA4CC5ABC7A375D440516AEA49D0CD5736
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....w{............!.....h.............. ........@.. ....................................@.................................x...S.......................................8............................................ ............... ..H............text....g... ...h.................. ..`.rsrc................j..............@..@.reloc...............n..............@..B........................H.......h+...[...........................................................0..0...........(........(......(......,...o%...(...+...+..*.0..'........(...........(.........,.(.....+...+..*..0../..........(......,....(...+.....,.r...ps....z...}....*..0............{.....+..*.0.............(....s.....+..*...0.............(....s.....+..*...0............(......(....(.....+..*.0............|....(.....+..*>..|.....(.....*....0............|....(.....+..*>..|.....(.....*....0............|.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.WindModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):9728
                          Entropy (8bit):4.667824783503563
                          Encrypted:false
                          SSDEEP:
                          MD5:A5B23708E747D5F6EE81B78786413E64
                          SHA1:0C82E08BE76BCF1B5F8FD3A031E53197945094FC
                          SHA-256:D493A1BAAD09801143F67C51BD41B9A04E0BD2D06D23E89D8E03D1294971431B
                          SHA-512:FAA6B57959C4B26E8E55D4160D2011DFAF3CC940104FC189A5B6BB6131A60AFD71F3A14C3A428EC13B71CE52E9D0E5633D4E9B614856F677142456FC7C203343
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....3............!................n<... ........@.. ....................................@..................................<..O....@.......................`.......;..8............................................ ............... ..H............text...t.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B................P<......H.......\ ..T...........................................................".(.....*...BSJB............v2.0.50727......`.......#~..@.......#Strings............#GUID.......@...#Blob...........W].........3..................................................................................a.....=.6...S.....s...........'.....!.................................A.............................V.....V.............N.............W. ...........K.&...........V.*.............&.............*.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XR.LegacyInputHelpers.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):20992
                          Entropy (8bit):5.461627095157446
                          Encrypted:false
                          SSDEEP:
                          MD5:AFFA856926B7C03DA8BBC0FE00AB5CBF
                          SHA1:88CD6B311CD025E2CB91BDD72E0BE55E9FC789A6
                          SHA-256:CBEFB8B42B7E6368CD25EB2C7F90F462B5E40973F67852EF10C5A46413811E69
                          SHA-512:2014460B0D7E67FA93A1175A845F080D67E77B580A7CD852F9E8C90DC2182909280DC45649348A0B4E9F7AB06864970967899D6DD38817A3FB7F809CE9191F69
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0..J...........i... ........... ....................................@.................................[i..O....................................g..8............................................ ............... ..H............text....I... ...J.................. ..`.rsrc................L..............@..@.reloc...............P..............@..B.................i......H........3..$4............................................................{....*>..}.....(....&*..{....*:..}.....(....*..{....*:..}.....(....*..{....*:..}.....(....*..{....*:..}.....(....*.0..7........{....-..{.....0%.{......,...3...}....+...}......}....*..{....(....-.r...p(......(....}....*..(....*6.(.....(....*...(....}.....{........{......._,...(....(....&*:.sj...%.}D...*....0..^.......~....(...+..~....o....,+..+...~.....o....(...._...X..~....o....2.+..{.....3...(....+...(

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.XRModule.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):53760
                          Entropy (8bit):5.742363147625219
                          Encrypted:false
                          SSDEEP:
                          MD5:5A8FDC75BBA6D3D9FD417AB17E29F88B
                          SHA1:6DD3FBBC340D12E8F48D7B9908A924A22348FDF1
                          SHA-256:A4A25660D390B0DCB95464FE4804EF31839D282391A31EB379AE517C23A75441
                          SHA-512:D1C6ED146E6379257D8B0818D68BF79FD7F0C3EEDD1726DA051772CCE8067BACB088390984898C24F81F0E0E8B7ED4EC6A4B89F13F76E153D8513355133044E0
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4..............!..................... ........@.. .......................@............@.....................................K............................ ......D...8............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........J..0............................................................0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...+...3.*..0..'.......~.........(....t............(...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\UnityEngine.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):84992
                          Entropy (8bit):4.977281017348972
                          Encrypted:false
                          SSDEEP:
                          MD5:CBF50FCC7C20BDAC4D8027AE5FC946DA
                          SHA1:0339CD11DC6272DE885872B06F5421C0E7D26623
                          SHA-256:516FC36A10B6D4BAEB782AA37F85884ECC8333232AD018D71D8749DBADEF8BEE
                          SHA-512:B0DB9C6A3BBB43FE31A65DAC14BBE18887E2F6C912291F9BE196842185B4DAB134E15A9B46DD5BE70B1F63DA6569D942C507ED4A20A7FDAFFDC52114F40B7D87
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pq~..........." ..0..D...........b... ........... ....................................@.................................bb..O...................................Ta..T............................................ ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............J..............@..B.................b......H........ ...@..........................................................".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*".(.....*...BSJB............v2.0.50727......l.......#~..........#Strings....(@......#US.,@......#GUID...<@..P...#Blob...........W..........3....................................6..........Y........TI....K....A;...A.....(].\....\....T.............p..-..........U6.-...........U.-.............-......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\Vectrosity.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):120320
                          Entropy (8bit):5.315520311130586
                          Encrypted:false
                          SSDEEP:
                          MD5:32EB814801B2666F234CA8EAC94F16F1
                          SHA1:44E1C983849F4A28FDE0FA09D672C8C1325B0B9A
                          SHA-256:103A5842334BC7E3D67809AC9F6468742CD558073DA11CD0F1AF0C8821945529
                          SHA-512:67C3DB831F4983C59886E8489F0766879664ACA4B18EB3CD802855B5CECEFC802D395747E2DFAECC31E27202721FAA9F1E2955A1660ED2360C5673B818838EE9
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....aW...........!................. ... ........@.. .......................@............................................... ..O............................ ....................................................... ..............d ..H............text...X.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B.................%. @...........@ ......Z ..........N ... ........................_CorDllMain.mscoree.dll.@ ........H........D...............D..............................................................................................................V..}......}.....(....*....{....*.0..N.........s'...}.....(......o=...(.....{....(h....{....{....(l....9......}......}....*.."..}....*.....{....{.....(k....{....{....(l....{....:....*.{.....oR...*.f.{....:....*.{.....oR...*....{....9....*..}.....{....{.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\WebRtcCSharp.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):192512
                          Entropy (8bit):5.604898412310972
                          Encrypted:false
                          SSDEEP:
                          MD5:443BF06CD7B36B4E7FA86FFF80BD89DB
                          SHA1:A5C7926C07F87C57B73E35CF12CE639DA7D8C592
                          SHA-256:5D1239405C4351CD8B20E92D0D1C1528AE6749E0D63F9217CEC7530E806BDE93
                          SHA-512:A3CEC1286A11F945352F421DBC6E350392B95C1EA7879FCEA371DEFA65A895B8176B086B908477B700D60394A7F310068478F21C70B0617790ABAA66F9FF44FE
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......]...........!..................... ... ....... .......................`............@.....................................O.... ..8....................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc...8.... ......................@..@.reloc.......@......................@..B........................H.......(...l`..........................................................n.(......}.......s....}....*Z.,..{....*.~....s....*..0..Z........%.(.....|....(....~....(....,+.{....,...}....r...ps....z..~....s....}.....(.......(.....*..........JR......2.{....(....*....0...........{....(......*n..(.....(.......s....}....*Z.,..{....*.~....s....*....0...........o.......( ....*.................0..`........%.(.....|....(....~....(....,+.{....,...}.....{....(G.....~....s....}.....(.....(..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\mscorlib.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):4072448
                          Entropy (8bit):5.9948896506859555
                          Encrypted:false
                          SSDEEP:
                          MD5:EDC0ACC5ACD70CDA53AA2D8694976E7D
                          SHA1:F89D4ACC3193C58B787058572BB74447BFF082EA
                          SHA-256:11AE017D1504AF038E430D0607E9E3171DE15B021AF1D2D4563FD6F388A916A7
                          SHA-512:4B5207772089C117C8AB38198D15F19126CEACD64C2C7E0741DADB440A0DF587C1DB6DB04BF737F2AA9FDF57848498F5339D6BA3D93A55030ECC4F0656BEB17E
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................!......>..........:>.. ........@.. ........................>...........@..................................9>.W....@>......................`>......9>.............................................. ............... ..H............text.....>.. ....>................. ..`.rsrc........@>.......>.............@..@.reloc.......`>......">.............@..B.................9>.....H.......x... .!.............`.............................................{....*:.(H.....}....*..0..#........u......,.(.....{.....{....o....*.*v .(.. )UU.Z(.....{....o....X*....0..M........r...p..'...%..{.....................-.q.............-.&.+.......oM....(....*..(H...*..*"..(....*6(.4....(....*&...(....*..*J.,.(.4....(....*.*6(.4....(....*:(.4.....(....*>(.4......(....*..(....*.r)..p.o...*.*...0..s........~....(`...,..*.(....(e.....(.....~......~....(`...,.....(#.....Z(.V

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\netstandard.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):84992
                          Entropy (8bit):5.0068823571579655
                          Encrypted:false
                          SSDEEP:
                          MD5:E65510933F59FB02D3B3E96527F14B7F
                          SHA1:D684D677941188CB2E7169AB10999D3B87B4570A
                          SHA-256:FADA723DE68ECA78DC6E4279EBF1C886810DCD7B4A970290CB7AC068EF04B766
                          SHA-512:E24135CB40CCBB32E0AB69C1CB4231B9C107D1C61C33496E15196FA83A4CBE40D9C1EE68886F9DFE67A991E9998FE9DF99401C06C1C78A945BC6E5BFF5596075
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............" ..0..D..........zb... ........... ....................................@.................................(b..O....................................b............................................... ............... ..H............text....B... ...D.................. ..`.rsrc................F..............@..@.reloc...............J..............@..B................\b......H.......P ..<A...................a......................................BSJB............v4.0.30319......l.......#~..t...8...#Strings.....?......#US..?......#GUID....?..|...#Blob......................3......................................VC........`1....b6....v$..........T%.O...,.O.../.O...5.O...2.O...2.O...+.O...*.O................................).....1.....9.....A.....I.....Q.....Y.....a.................................#.......+.......3.......;.......C.&.....K.O.....S.m...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Managed\wrtc.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                          Category:dropped
                          Size (bytes):63488
                          Entropy (8bit):5.429271716598394
                          Encrypted:false
                          SSDEEP:
                          MD5:BB095C228BC593DC4D73A403D7028C7F
                          SHA1:19358B14390B74E3F9A2145362CFF39586ECC52C
                          SHA-256:353ECACC43425E4CCD3E620EBA92D1390E828C39CA00183C8E1596E81FAA0911
                          SHA-512:B4AE8831973EAF695D324E706D8C1C6D2E38D53849C901FC8C1972AA2346FE61E5885AED5592A77375671ABEA4735952F0CEB8A29283573830130681A79A68EE
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d!b.........." ..0.............z.... ... ....... .......................`............@.................................'...O.... .......................@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................[.......H.......@w..l...........................................................f~....,..(....(..........*J.(....(.....(....*Zs....%o....(....o....*.*.(v...&*..{....o.....o.....{....o.....o....*..{....o.....o.....{....o.....o....*6.(.....(....*2.r...p(....*2.r...p(....*2.r)..p(....*F.(....rI..p(....*..(....*...(...+}......o....}......{....}....*..(....(....&.%......s.....%......s....(y...*b(v....o.....{.....oF...*....0..I.........Y...%......(....o.....%.r]..p.%......(....o.....%.r...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\FreeImage.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):6379008
                          Entropy (8bit):6.2535508542364715
                          Encrypted:false
                          SSDEEP:
                          MD5:2B94CC0E7CCB794C6047853A1E26EFF3
                          SHA1:FE64E1281E9442427944FFCF9841C2DB71195890
                          SHA-256:CB55B58C65912DE9517CBD2A414490383A1FCEE2AD52FF8F7EA307716838DEB0
                          SHA-512:6CDC11D3A59A8A4756FA3F5E5F5ACD39AFCBC66DEB180B511594A2CC968A610741E7C26C033DA8AF3027D63C93382AE6F93F563114E02311C1B1D1ED43B194A4
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#..g...g...g.....&.d...|; .|...|;..,...n.-.b...g.......|;..7...|;.....|;%.f...|;$.f...|;#.f...Richg...................PE..d.....9].........." ......*...6....... .......................................a......-b.............................................P.D..#..D.D.<....Pa.@.....^.x............`a..<....................................................*..............................text.....*.......*................. ..`.rdata........*.......*.............@..@.data...p.....D..\....D.............@....pdata..x.....^......4^.............@..@text....P,....`.......`.............@.. data....`y....`..z...\`.............@..@.rsrc...@....Pa.......`.............@..@.reloc...w...`a..x....`.............@..B........................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResToolbox.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):770560
                          Entropy (8bit):6.457985386705146
                          Encrypted:false
                          SSDEEP:
                          MD5:3AFC02BEB5EB7D7BC306020583E039CF
                          SHA1:9D44A22E84792821E80883A360A7B28D0581AF5D
                          SHA-256:6EF5F625F7AD2E76EA86E00B5FA195D61B0AF99B427746AEF1E9D00E7AC3A03B
                          SHA-512:16D34D645925FD73133FFD294D239CB0DCF06726CBDC623C379AB0714D9F98117D1FDEFBC9816402F699693E4FFC1EBB073C438D5594277828A1B630451C9867
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}7D*9V*y9V*y9V*y0..y7V*y*0+x;V*y*0)x:V*y*0/x3V*y*0.x0V*yV2+x>V*y9V+yWV*yx1"xsV*yx1*x8V*yx1.y8V*yx1(x8V*yRich9V*y................PE..d..._..].........." .........x......0........................................P............`.............................................@... ........0..........4q...........@..d....2..p...........................03...............................................text............................... ..`.rdata...X.......Z..................@..@.data............P..................@....pdata..4q.......r...@..............@..@.rsrc........0......................@..@.reloc..d....@......................@..B................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\ProResWrapper.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):928768
                          Entropy (8bit):5.3214292469835325
                          Encrypted:false
                          SSDEEP:
                          MD5:456586FCA3778D73F159C6B3E1505F76
                          SHA1:3786D694A88A16D06403B5853C9A978ED94990C9
                          SHA-256:BC9FEDC3DA687A2CB2C238724E4AAB847E57B77D01EB3FCD8BADF3A13BF04F89
                          SHA-512:70D9387DD9E165311F8FF4244C2EA829D201595E915EAB61C5E48A41FF5940AC58C8B70A945210572541C7B3B0106BBFB798EAE1B70C36CD4D82B7D492CBEAE5
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........d................................................................................W.......W.......W.......W.......Rich....................PE..d....._.........." ..... ..........@........................................p............`..........................................................P....... ..."...........`..\...p...........................(....................0..p............................text............ .................. ..`.rdata.......0.......$..............@..@.data...............................@....pdata..."... ...$..................@..@.rsrc........P.......(..............@..@.reloc..\....`.......*..............@..B................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\UnityFbxSdkNative.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):7461888
                          Entropy (8bit):6.472856050083885
                          Encrypted:false
                          SSDEEP:
                          MD5:6D8766E08DE36CE010238F55AEAEFFA6
                          SHA1:29EB2A66CDE50519C6046890450185EA877444AB
                          SHA-256:7EC16F932DFDE43ED1FDE2F5037987DC376F43B071FC84023DBA37FE6A8BB48A
                          SHA-512:E07473BD3B580185AAC950805C632AA8F2E0CBD0EFBD5478F14DF3BF3159C0C1EFBD89B8A4258D0DB527FAB33D49344509660897DDA93244FECF9B2519B148B8
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................2......9f.................................3.....3......@.....@.....@.^.....@.....Rich..........................PE..d......_.........." .....4P...!..... .K......................................`r...........`..........................................Ij..\...k.@.....r......0n...............r..E.. .].....................@.].(...@.]..............PP.0............................text...h3P......4P................. ..`.rdata..v....PP......8P.............@..@.data....E....k.......k.............@....pdata.......0n.......m.............@..@.rsrc.........r.......q.............@..@.reloc...E....r..F....q.............@..B................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\assimp.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):4388864
                          Entropy (8bit):6.245163412651332
                          Encrypted:false
                          SSDEEP:
                          MD5:D0E26921B71464D350D9DA1DF9E1A42C
                          SHA1:02B008C143B3ED0111EEDC5B01A58EB6DBD3A879
                          SHA-256:C6732F09ED664C5A4415CED80C15899EDFC87FE7C93EE96100A8F2B89F9CC77C
                          SHA-512:28A37F5CB9EFA8A5C8072870F6BD5E2C763065BE853853C4AB18415918B32AE9A44F50FEC0EA298986A6AB40186E02DDDFB59EDDAC73503901FDC4647872EFCC
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........X...6.6.6...6.{.5.6.{.2.6.{.7.6.{.3.6..7.6.7.E.6...3.n.6...2.6...6.6.....6...4.6.Rich..6.................PE..d...B..Z.........." ......*..|......8k'......................................@C...........`...........................................=.....H.>.......B.......@...............B..I.. .1.....................8.1.(...@.1...............*..............................text..._.*.......*................. ..`.rdata..V.....*.......*.............@..@.data...P.....>.......>.............@....pdata........@.......@.............@..@.rsrc.........B.......B.............@..@.reloc...I....B..J....B.............@..B........................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libbrotli.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):816128
                          Entropy (8bit):5.817525483174292
                          Encrypted:false
                          SSDEEP:
                          MD5:CCB519167C40EBC04566449543CD6840
                          SHA1:4460BC607815CD032DB65B46F8FC69BEF17D8F87
                          SHA-256:B0BC037BC6E3DE7869776BD122828E4CE94E4DA53D2D5EAC6D9784207018FA09
                          SHA-512:769CF6F507657C85B0BC8DC0ABABB018912CF93953A7C47A6DEF671663FF714602E0CC53FDAE4ED31C068F3FD79AA72D9959DD0A6FEFCEF9DA67BC42578E3027
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*8.SnY~.nY~.nY~....kY~.....Y~....cY~...}.fY~...{.OY~...z..Y~.....kY~.nY..9Y~...v..Y~...~.oY~.....oY~...|.oY~.RichnY~.................PE..d....x.V.........." ......................................................................`..........................................#.......$..<............P...0..............H.......p...............................................X............................text...@........................... ..`.rdata...<.......>..................@..@.data...p....0......."..............@....pdata...0...P...2...0..............@..@.rsrc................b..............@..@.reloc..H............d..............@..B........................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libfastlz.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):107520
                          Entropy (8bit):5.999062525193652
                          Encrypted:false
                          SSDEEP:
                          MD5:3717E7643F2B7F67A51D56DBD38B64BE
                          SHA1:03A38FCBE655E36FD67DA9FCB135A8817F114BC0
                          SHA-256:5B0D6ED560EFA2E8557611C4930B7D12D80DF379E7229AF555F0E0861A47DC13
                          SHA-512:8CD68DFA4830D5F3E16C24FF9B14C76E6BFC8546B6C8246EF3C4D0391453096C6739B1B610D9C1809F834D46456E8859B6D22BE0AA4542E521E42BE5353E7DC5
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.TB..:...:...:..>..z.:..>....:..>..s.:...9.x.:...?.j.:...>.o.:..]..z.:...;.+.:...2.|.:...:.~.:.....~.:...8.~.:.Rich..:.........PE..d....{PV.........." ................,2....................................................`....................................................<...................................0t..p............................t..................0............................text............................... ..`.rdata..>...........................@..@.data...p............~..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblz4.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):150528
                          Entropy (8bit):6.221306615412363
                          Encrypted:false
                          SSDEEP:
                          MD5:5DF38197A2C52BF7420175B9F26B15C0
                          SHA1:BB8B1BA2993ACF364AB101DEBE1B7A113BA64136
                          SHA-256:3F9DBD72DEA4434935F337C9ABD7BCCBC5669953785FDC5C91BB4192C4F178FE
                          SHA-512:F5A025576045226B77AA1A58ACCD76CEAFFE77419B4AAFB5EB862D424F0446F74DAE689C5B38133780A77D60068C7EF8B60E00ADE82A59E3BB1D01C76A4E1304
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...regQregQregQ...QwegQ...Q.egQ...Q~egQ.<dPuegQ.<bPgegQ.<cPcegQ...QwegQrefQ/egQ.<oPwegQ.<gPsegQ.<.QsegQ.<ePsegQRichregQ........PE..d.....PV.........." ................@.....................................................`.........................................@ .......!..<....p.......P..........................p...............................................x............................text............................... ..`.rdata..............................@..@.data...@....0......................@....pdata.......P.......,..............@..@.rsrc........p.......B..............@..@.reloc...............D..............@..B................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\liblzma.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):202752
                          Entropy (8bit):6.316259968867146
                          Encrypted:false
                          SSDEEP:
                          MD5:857C45B6E58F5A9B6F7752CBC1E752D2
                          SHA1:C829A31F89F1B66535A5B3C739D806CE1A4BF7B9
                          SHA-256:7D6EA78AC445BD6CB21DA9E9BEC2C9C28BA16B7695851C2B10F82F3C05C21DC3
                          SHA-512:435790B0D0252B9EB2A247EDEFAECA982529ECE5FC57BB109FE40FCA05A7ED477BED8AF97E3CAEDE5049CFD9FAADD6EB1E6EA838B0790AD113090FD2AEFE8075
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&..b..b..b......g............n....e.....w.....r..M8.g..b........y....c.....c....c..Richb..........PE..d...S.#W.........." .....*...........(.......................................p............`.....................................................<....P....... ... ...........`..........p........................... ................@...............................text... ).......*.................. ..`.rdata.......@......................@..@.data...............................@....pdata... ... ..."..................@..@.rsrc........P......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\libzipw.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):378368
                          Entropy (8bit):6.485108854999821
                          Encrypted:false
                          SSDEEP:
                          MD5:BE7B7FB79CF956AF20305D5F9045875E
                          SHA1:E706AB1879890792B152A510712CC052757CA432
                          SHA-256:852C84D58F937218FC194B288551DA8E3F8C4834C730D098A677BC17E9EE45FE
                          SHA-512:37668787ACABBD39F5C17C07F59AD67D9834ED3B3C31E781BB115E02EC2AD3CA213DBB14C254505D8CF69D4E179023A071CD4D323112C9FC2517353EEB15E64B
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........B..~...~...~...z...~...}...~...{.7.~...{...~...z...~...}...~.......~......~...v...~...~...~......~...|...~.Rich..~.........PE..d...n..\.........." .....6..........0.....................................................`............................................. .......<...............,+...................T..8....................V..(....U...............P.. ............................text....4.......6.................. ..`.rdata...H...P...J...:..............@..@.data...............................@....pdata..,+.......,..................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Plugins\webrtccsharpwrap.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):8088064
                          Entropy (8bit):6.671494654533965
                          Encrypted:false
                          SSDEEP:
                          MD5:97C96190BA34469428CFCD01E8851564
                          SHA1:1083B7C3D6C5BF91148873C31A360D2DA5F193BE
                          SHA-256:053DCC07D92A8400C928A12F472CBC0F7BA5F519E71AAA19B99E4E7685985259
                          SHA-512:B226E3C2BD4B5147E1566585D3ADDE5B6A7CA595C0F2D4E897B4C4FE0D251D504C6D355A77DEEF6BD9FECDBF0E9409A8A100EA3070711A84D5221B30524E6576
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........JH..$...$...$..'...$..!.g.$.8|....$...'...$...!...$... ...$...$...$.. .x.$..!...$..#...$.. ...$.."...$..%...$...%.S.$.1.!...$.1.$...$.1.....$.1.&...$.Rich..$.................PE..d......].........." ......d.........p0_......................................p|...........`..........................................-v.......v.......{...... x...............{.L....Ps......................Qs.(....Ps..............0d..............................text...\.d.......d................. ..`.rdata.......0d...... d.............@..@.data.........w..H....v.............@....pdata....... x......@w.............@..@.rodata.P.....{.......z.............@..@.rsrc.........{.......z.............@..@.reloc..L.....{.......z.............@..B................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources\unity default resources

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):3834812
                          Entropy (8bit):3.8544680669377525
                          Encrypted:false
                          SSDEEP:
                          MD5:A5A7B7AADF016E35F2F90C05C699C42C
                          SHA1:2B6DE4741D4A316CE17CFD9554BDF1995E5B29A5
                          SHA-256:565649B99F42A95183A318146B9AC8C24ABD623E9E25F4AA243EAA9D146A80D1
                          SHA-512:226789EF7E9EACD34F66895A5EC59B7E63393A08BA195D2B2F22A7C572BB7BABB7955FDCD03B421188E6404A76EF76871641EE1D8551AB7D45CBBF98A1CC68C4
                          Malicious:false
                          Reputation:unknown
                          Preview:...).:..............2019.3.3f1..........s.......n.0..I?..'.B..0.......*.... ?n.Z... .H........R......*CV.r/.........d..W3{8Y.............q4m...)M...f..m.......j.S""h.h....N..+......kYK..z...g(....u..........E.>....PB.a"r........0...m.4xIx .@$.n{..q..:.2J.N............h....E......D.......`K...%......E........p..0L......,...................-....................'.......9...U......t'..................u'......8....T......v'......X...........w'......x...l........'...........e.......'.......K...........'.......R...........'......hm...........'......X...(^.......'...................'......0...8........'......h...`........'...................'.......-..X........'.......0..d........'......x7..,........'.......:..,........(.......<..tt.......(......P....R.......(..........(*.......(..........@.*......(......@.7.@........(........7.xx.......(.......a9..........(.......j9.T........(.......|9..........(......8.9..........(........9.l .......(......h.9.L........(........9.@........*........9.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\Resources\unity_builtin_extra

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):1965260
                          Entropy (8bit):5.353754978174522
                          Encrypted:false
                          SSDEEP:
                          MD5:50A80BB290695032E8F4FFD5C1F1BE54
                          SHA1:EFAEEA147F233D5E1A5701E6BECD134B1FE1082F
                          SHA-256:A2CD17EE6BE9D3EA6D16A7070F68C1CB7DDA141241A99AD0C43605306D3DA46B
                          SHA-512:606E84A0448CC314C600C7CE5E6DB0B49370814C14FECF7E47CACAF5022967F1D6CB67E95CA13153DC61389367213EA21A015C74E963A4D6B62B8CFF3D71D8C8
                          Malicious:false
                          Reputation:unknown
                          Preview:....................2019.3.15f1..........0.......*.... ?n.Z... .*...............|u...............u..................0...........2....... $..H.......>.......h...........?.......8...|j......@...........T.......A............ ......B...........`.......C.......`...........D.......@...........E........*.........J...........HM......K............F......f........e..0.......h........~...a......i...........h.......k...................m........... .......n........*..........(#.......@..\-......)#.......m..X*......*#......8...|$......+#..........<-......,#...........D......-#...........|.......#..........&....../#......h....N.......)......`!...k.......)......(....J.......)......(...d........*...........2.......*......@&...3.......;......@Z..\........;.......p..P........;.......2...........;.......L..p&.......>......Ps...........>......8...........hB.......Y..P.......CJ......8v...........>I.........L3..................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg-20160530-git-d74cc61.tar.xz

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:XZ compressed data, checksum CRC64
                          Category:dropped
                          Size (bytes):7768456
                          Entropy (8bit):7.999976412946698
                          Encrypted:true
                          SSDEEP:
                          MD5:3CAE8B059EEC1D6306D704CBE9B893C5
                          SHA1:5DC301B0CCF40BCC01074BA3FEB59625B598CF36
                          SHA-256:C78318F2BD06958E25F5625E109A5FBCE51BA84A50E97691B4B7A82DBFC7EF97
                          SHA-512:CD11276DA134FF2ECC2694E2176E91CF3ABADDD81C95939861DE0C7DF3B62D9E9E93C806526654B6BF69CC6F1E625D9A0093C14ED865AB87EBE625B293E5B8AE
                          Malicious:false
                          Reputation:unknown
                          Preview:.7zXZ.....F..!.....t/..;...].3a..fna.........Y......q..2.<...HG......./..x....zm.F.OzG*.(..(..T3H..}._.5.....8...J...%...r..n,3.j.).......g.K.C..R...............U........O.[....sj.I......G$zV.uN...K~.?.~.....6.R0[....Q..$.......^r.% .1..G....~.].....:#.1...cW4!......Qty3....Q0.G....0v.Za...B..........,..Qnp*...._t.$Q....iR....sPzG."....X....Z_>:w.g.8....'/.&i.b5nN.....l...=....dvv4..*..Q......?.7g....D@.4M..q...l...%..Q....\.....yH.{m.......K..U.CyS.h.%.....Ql....0*.|..;....1x..,.....~0G....7J..B...0.....8.#.xVOF.8\..K..?xM.b&.....o.....#....:yx..5....q..V.~PP...*._.nO..=.........#...|....].*1.Q....*..{(.......q....d2......$8y.o8.'s..6?....1w......C`H...R.@+..'......<.d....cr.......3|...!......q...&..K?.:..U.U..!...........A..-..j....R]z.....k.)....+3.M./.f.#...).E.y.m9..B)\.........|..A...:......."....<.$...{`Pv.~..#.KfP.O...m.m.-...+....&m.T7S.m.k.>....G..*F>&..mVP..2\.m.....)./.....5..F.x^...X..8F.....r&...{.x)c..{..#........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\FFmpeg\ffmpeg.exe

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                          Category:dropped
                          Size (bytes):34171392
                          Entropy (8bit):6.522840422768545
                          Encrypted:false
                          SSDEEP:
                          MD5:31F17D3CD49583F21F07176099949DB1
                          SHA1:DB0C66E3C0C298EF4C6C028EC69091959883BB5E
                          SHA-256:7616EA27308829BD08D46D9C2C4DE674B01D5FCC95C460366678B6D53ECC563B
                          SHA-512:5AB5BED012E559FB680BBAA35BBA0FCA75D1E4AA5C5D9EC38DBB72EE991ED76460B36BD2404C2AA3AE687067F715F60E335CA7D3D0F962BAFD9E3D73C6790D63
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............./..............$...........P....@.......................................@... ..................................<..................................................................................................................text....v.......x..................`..`.rotext..............|.............. .P`.data........P.......2..............@.p..rdata..X.o.......o................@..@.rodata.@L.......N..................@.`@.bss....."...P........................p..idata...<.......>...(..............@.0..CRT....8............f..............@.0..tls.... ...........h..............@.0.........................................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\blank.jpg

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2014:10:01 12:10:55], baseline, precision 8, 16x16, components 3
                          Category:dropped
                          Size (bytes):10601
                          Entropy (8bit):5.892146904410506
                          Encrypted:false
                          SSDEEP:
                          MD5:CCDC2B2947DE4989C359A3EAF6C289F1
                          SHA1:53DA4F4938D285CD173E203348DB45733F3BD40A
                          SHA-256:D2EFCA5944B78D0A3C41DD4BEEB530F9FE11E3F29D5889C22F1C43F5DA404237
                          SHA-512:DD26B51B5454B648335729C782A11FF25355A308749F269270FD661BA9234357D4F3257E7E0E8B95315480290455658761EF4F6715D3090BE9D5D057D86E942F
                          Malicious:false
                          Reputation:unknown
                          Preview:.....LExif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2014:10:01 12:10:55..................................................................................&.(.........................................H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..I%?.....>Photoshop 3.0.8BIM.%......................8BIM.:....................printOutput........ClrSenum....ClrS....RGBC....Inteenum....Inte....Clrm....MpBlb

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\freeimage-license.txt

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:ASCII text, with very long lines (1276)
                          Category:dropped
                          Size (bytes):17436
                          Entropy (8bit):4.820893646003514
                          Encrypted:false
                          SSDEEP:
                          MD5:7D2690B4D6D7DD53D69A773664BC4850
                          SHA1:0CA251A586F81FB996E02F5391EFF7C20F914FA6
                          SHA-256:37F80B2998523E0E780CBAB2774E1EE7EB4B7945F1FF232F5ECE22CE037B6282
                          SHA-512:954997C1EBC22FA97F6FF23E8B97DD1CBE4C93567B8BC10B3434F8B76FE45EDA4B4F5EC8DFD0CDA7B22EA96DE522B20B1F288B87896963940255F50CAB18311B
                          Malicious:false
                          Reputation:unknown
                          Preview:FreeImage Public License - Version 1.0.---------------------------------------------..1. Definitions...1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications...1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor...1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof...1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for the electronic transfer of data...1.5. "Executable" means Covered Code in any form other than Source Code...1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A...1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code n

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\elevation.css

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):1236
                          Entropy (8bit):4.987919738572904
                          Encrypted:false
                          SSDEEP:
                          MD5:AB9DB133221F76765F295DBCED5BD9B7
                          SHA1:DE6BEE23410256E9B9DC41465F080C76CFB75A63
                          SHA-256:64948D7C23A298A9BA791A8E3AD722872C53BD65801A62510CD16B14A518277B
                          SHA-512:1F967D2B18E9BD5E296821211E31A99B5E68E73729186BCD4A2FC3F24A32774AF1EFF83AE72A69F025001A7908D45B54E9190EA4398992A1405677B5DE72E7DC
                          Malicious:false
                          Reputation:unknown
                          Preview:html, table{...font-size: 12px;...line-height: 1.5;...font-family: Arial, Helvetica, sans-serif;..}../*#wallinfo table, #wallinfo th, #wallinfo td {.. border: 1px solid gray;..}*/....h1 {font-size:23px;}..h2 {font-size:19px;}....a:link {...color: #000000;...text-decoration: none;..}..a:visited {...color: #000000;...text-decoration: none;..}....#header {...text-align:center;.....}....#wallindex {...width: 750px;...margin-left: auto;...margin-right: auto;..}....#wallindextd {...width: 375px;...text-align:left;...vertical-align: top;..}..#artindextd {...width: 375px;...text-align:left;...vertical-align: top;..}....#wallinfo {...text-align:center;.../*max-height: 1150px;*/.....}..#wallinto table{.../*max-height: 1150px;*/..}..#wallinfodata{...padding-left: 40px;...width: 445px;...overflow: hidden;..}..#wallimagedata{....}...landscapeimage{.......width: 960px;...height: 850px;...}..#blueprint{...position: relative;..}..#blueprint a{.. display: block; .. position: absolute;..}..#artr

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\source\libwkhtmltox-0.11.0_rc1.zip

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:Zip archive data, at least v1.0 to extract, compression method=store
                          Category:dropped
                          Size (bytes):11544270
                          Entropy (8bit):7.996831371443976
                          Encrypted:true
                          SSDEEP:
                          MD5:5D674EFB8F5CBA1A508F39B81C741984
                          SHA1:3029E7293268175C95C283DE8C3B3E421C50021A
                          SHA-256:7E6094CF85259374775056CC7C17F4C5363B9B4CD750ACF64DFD21CED408B0FB
                          SHA-512:B1F8CF0B27D4119A40639F178D9EAF22639F069AF4776AD5DB36B96A5BB5F97FAD5F052F3F96B825D2164B860E7A6300D503A5C372DAF58A62E2F3BE4C2DA5D0
                          Malicious:false
                          Reputation:unknown
                          Preview:PK..........B?................lib/UT...K..NK..Nux.............PK..........B?d....&...P......lib/libwkhtmltox0.aUT...K..NK..Nux.................E..;!..E...0B....I......2!!.....~&.f:...7.23.......DDDEE...T..e..Y..U.p8.r\..uY..........=5.f..n.I<..s!...v....nm.V.X.p.R....d<e...v.......x.....-k...........Ae.;TF.P.5Ke..T..Q..%*{..2.;*.5T..r.z*...T.r.6*.....2...7/..[....*7m.........[.Qy...w....+..9K..|p....r.r*.^K..R.?A.wS..a*.]N....<.../e.|.q*__K../R..b*.....<v".....CT.oQ...T~.....T.~..OvQ.._R..>*?.9...L.....l..s.R...T~u...y......#T..L*.9E......Q.......r.r*..R9.E*..P9.a*.8...Qy.sTNOPY|=.3.Sy.:*g.........b!.s..r...\..T.1*...^..:..wR.h1...LeC..._R.d..-3T.>Aep....*#wP.u...wQ..{*W.Ne..*c{...Le.f*....wQ.<E.......d......J........~C..k..r..w.@.....*...VS...T>...G.L......'?E.T>.4...._R.r...N..{.|s..G...ET.w....Syb../P..^*?.k*O....T~..T......T~q".....T..H...R.....7S..a*.6K.7.Ry.I*..E...m.|.Fe....+...QY.S*//R9e!.......v*g....=Fe.&*..He. .s...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\addons\pdf\wkhtmltopdf.exe

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
                          Category:dropped
                          Size (bytes):41563648
                          Entropy (8bit):6.432398795452787
                          Encrypted:false
                          SSDEEP:
                          MD5:68020601296529CCF4EA274052E446FA
                          SHA1:99961615604253F6D3331D4853A3497D3372C7DE
                          SHA-256:64D17682320BFFD45B2208ED13B136D59139E82573745F14556CF25E95CBD808
                          SHA-512:BF5381A85685EFDB9EFAF09004B9B2AEC5676731ECDE8BBBC9634FB58F6CB59F296D058EFF02482A0FC59123540A11266C9EA27BE823F07E436E19D56937E959
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....y.^.................p...&z..F............@...............................{....._Cz....... .......................................s..%....s..[...@t.`.....:..............Pt..t...........................8..(...................l.s.@............................text....j.......p..................`..`.data...............................@.`..rdata..@.T.......T.................@.p@.pdata........:.......:.............@.0@.xdata..H.'..PJ...'..FJ.............@.@@.bss....@D...@r.......................`..edata...%....s..&...6r.............@.0@.idata...[....s..\...\r.............@.0..CRT....p.... t.......r.............@.@..tls.........0t.......r.............@.@..rsrc...`....@t.......r.............@.0..reloc...t...Pt..v....r.............@.0B................................................................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\app.info

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):27
                          Entropy (8bit):3.7360069464476564
                          Encrypted:false
                          SSDEEP:
                          MD5:F3B3A6B6BB2429210B8064618CBDB19C
                          SHA1:7BD892C4B1A3DEF02A9197E33071917A9A09EC3A
                          SHA-256:3FA4AE6BF11268E342B06F5AF77E57C1D768B3652F8FADD232F2CFEB67234EA1
                          SHA-512:AD7B83C6CCB1BDF9DB155D75F43C664EFAA763EF4E2C231B7E43C90C37051A71E9110B7ACCE8FF97D3690440E036AC5B344D193488556738CB4F0B83B177D4D4
                          Malicious:false
                          Reputation:unknown
                          Preview:Ortelia Interactive.Curator

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\boot.config

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):62
                          Entropy (8bit):4.249926101955455
                          Encrypted:false
                          SSDEEP:
                          MD5:100DA3C20E8E4A12D9F1009CA8A525D7
                          SHA1:957413B32F40221F581E0FC5A1582AD429C5DEA4
                          SHA-256:78CC47CBBED8923DF2D9EB2DA0C8FD7B3B400B3353544ADB47C327802FC0BA56
                          SHA-512:4D28D05522A0C8C5684DF3B3C90344CE1AA1D6455BFE1A0EDAC02EA73C1A4B36C8D113376565BD0D44E8962F4BC330CE768DBFB2B64A1D926435E6F0B1675C80
                          Malicious:false
                          Reputation:unknown
                          Preview:wait-for-native-debugger=0.vr-enabled=0.hdr-display-enabled=0.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\globalgamemanagers

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):140620
                          Entropy (8bit):5.528620608533295
                          Encrypted:false
                          SSDEEP:
                          MD5:C8E6601C43CCEE4E6B6B4B516D7ED275
                          SHA1:F4E9D4C1F62021449D44D8476F935B2AC560599F
                          SHA-256:57DB87DD0AB394ACBAD3CC223C6141C6D274D29FA5FB9050722001A5886C1235
                          SHA-512:5B30B4E0FDB357D917957DF1FB17FECE0755EB823E6211AE6E77D221BA9D2BB4E850720E8C897C01DEBEF3E15377229C045DACAEDBBC2E43274597BE53295909
                          Malicious:false
                          Reputation:unknown
                          Preview:...h..%L............2019.3.15f1.................2...BT..?.J.L.e.........P.x..D.0@..K&1N......=...[+.?.f.'..............$...i.V3.V.^.......$.|u.y.W..z....t.......(%....-.v...\........'SIzSy..z}.3B...........#eo.Z5.y..8...b......d>..}nr..J.~.FD.7......]).f....K....U........p.I.-[.e..+..../......j......Z..................3.o...)..~......0i..T...ZExf..!........7{=. ..i...#...,..........#via.G_.S......S...g2....}......=.....7...(i..$.W.M.f.r#.K.................x...............x... ...................T...................0............... ....4...............?.......................................................................................................:..................P............... .......................l...............h...............................................................<....................................resources/unity_builtin_extra......................globalgamemanagers.assets......................library/unity default resources......................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\globalgamemanagers.assets

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):5735276
                          Entropy (8bit):5.557536938652122
                          Encrypted:false
                          SSDEEP:
                          MD5:1D194F244DB352039416E94977736EBA
                          SHA1:37AA6CEA8DBCDB3198A827CB94C1F57E05A96619
                          SHA-256:9793DF53FFD4926E0D7E94C4F160A950A85964A192AF1497CBD59E267E23A6CB
                          SHA-512:326EF69361E596190CFAD187A8FFB81B32567350B4FF6E1229D705BAE1F3F2EFF581F10755B424D21413E65CEB9918A2559221ECE8F1B6D241601A638602B199
                          Malicious:false
                          Reputation:unknown
                          Preview:.....W.l............2019.3.15f1..........s.......n.0..I?..'.B.........q...\..|...q~.........q4m...)M...f..m0.......*.... ?n.Z... ........&.Z$.S6..jpx.SlK|...........`.......................$...............(.....6..............f:..P................:.................h.:..4..............0.;...................;.."...............>;..<..............P{;.X$................;..+................;.................H.>..X..............0!D................. :D.L3..............pmE..+..............(.E..%................E.................0.E..E..............(#F.._................F..X................I.................p.J...................L.$5................L.`................mM..,................M..^................N...................O.D*...............>O..................WO......... ........uO.........!.......H.O., ......".......x.O.`.......#........5T.x]......$.......P.V..#......%...........T.......&.......X...p.......'...........X.......(....... ...<.......).......`...<.......*...........\.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level0

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):321760
                          Entropy (8bit):2.8417355216073017
                          Encrypted:false
                          SSDEEP:
                          MD5:3DEFE341BFB12B745A5471F49F7260B1
                          SHA1:BF833B3F8F6740F6796C10AB7214FD3E9826F834
                          SHA-256:090FECAABBBA53C65E2017A265F94AE72876C90CF210FF239D2A18ABCD512ECF
                          SHA-512:4BA67BECA311B6FD214840A42560700FC35C5BD1910174E8429CD8B2489B53492D748A2E04DA858E2395B06B18D8F9A4FB16DAA9030B440986DABAF10C58E416
                          Malicious:false
                          Reputation:unknown
                          Preview:............... ....2019.3.15f1......M............N..vB...............v...xI.B..7...4U..........V.......q...Q......0^J..K..%...u..h......0..ZgA.$. ?..&._l........)......,...|..............$.g.]..............Bh._'86j........0o.'9..O...M.8........WP.N ..hBM.............-z6a.....:a`e........~........K.~.........[.+...g...$...6.H......._.[..]*.{.....r....!....@z..U.c.:0).c.Bt...<.h......lr....;..CP...<x.ya2.Q..i9w,..wZ....2SD.r....1.....a]f...X.CC.n.3...9.d..%.."hr.......7...,.l.t..]v.._.R. ../.l.Q.(..r....=....i...58.]..Q=.....M.U.9....r........<.T..Gig5o.h.9../r.R....lG..qr.......s.p.)r...Q.)*7.q.jkl../...L}..Or....2...bT;.%....'.A.?...5.......nr.......f.-.(0CD........;...\.....@,r......;M%oI4..a..x.n.R._..C..-z...4qor....".. HP>..OMU..l.N.+.s...D...7Br....(..M.[Q..dE..W.6=L..v..Gt.B9.b.?..r....3..D.......Vj#..x?Y;...r....J.K.r.........y..3..^C.\F]I..43.&].:..].Gr.........@.....................Wr..br....$.....C.>X..;]i.hJX..^...S.09...r....*..h..c

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level1

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):1130568
                          Entropy (8bit):2.9461823425284472
                          Encrypted:false
                          SSDEEP:
                          MD5:5E1E2E5437BFD2E215274AFE77F96547
                          SHA1:4A3A8E24C1F0ABF3F1385FA4E090C30DC0929470
                          SHA-256:379A75386BEC6A6B62E99B358BBBEC876B82797FF8F79535EA0DB7001E9B0056
                          SHA-512:BC78512A0C468922B9AF69B7E06D893AD586089AC83B8136FB06ED0B680ECED7B9BA1B0EEF72ED72114A9F4D1ED10F521FC4E8E8A8904B1BCC5DAD7BD644B5FB
                          Malicious:false
                          Reputation:unknown
                          Preview:...U..@H.......p....2019.3.15f1...................N..vB...............v...xI.B..7...4U..........V.......q..........m...nN.T....;\.!........0...$..nX`..y@...........y...G..,.a A......C.f......|.V.w:Q......0^J..K..%...u.._......u..X@....m.a,...h......0..ZgA.$. ?..&._l........)......,...........}.\....ne7.<H-.............Bh._'86j........0o.'9..O...M.8........WP.N ..hBM.............-z6a.....:a`e........~........K.~.........[.+...g...$...6.H......._.[..]*.{.....r....I....@z..U.c.:0).c.Bt...<.h......lr.......CP...<x.ya2.Q..i9w,..wZ....2SD.r........bT;.%....'.A.?...5.......nr.......s.p.)r...Q.)*7.q.jkl../...L}..Or....\.M.........v..!...."GM.R.2~N.Z$r....:...<.T..Gig5o.h.9../r.R....lG..qr.........i...58.]..Q=.....M.U.9....r....2..7...,.l.t..]v.._.R. ../.l.Q.(..r....!.(.c.'..L.......w.....N..l.).J.r....8..I.-.....}J...9?Z.#}G.+....g..zr......`K.J......ZONA.....0......L.R.%r....W...G...(..].0Q..z.."..1...9..r.......f.-.(0CD........;...\.....@,r....).Kc..s.m.

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level2

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):995920
                          Entropy (8bit):2.947124988103388
                          Encrypted:false
                          SSDEEP:
                          MD5:0B2C1C2BFA79B93DA37CF4CDDE151A60
                          SHA1:15A81CBB8A25E03A812B38BEE5FC4F94E755BC90
                          SHA-256:2F94FAEEDCDEE353524C27E5F17EFAD4DDACEB31BD04855DE596E343A15A55BE
                          SHA-512:D8EB41110B1B846289923C02A58EADFF917E2B8AFF7A4477E239E95D988B574977F12B13DD2250EF93B2B3935CD3B06B3AA17C82B1C58C9FF628319E44BDFA64
                          Malicious:false
                          Reputation:unknown
                          Preview:..|k..2P......|.....2019.3.15f1..........T......n._^..K..\.'..7Y.........N..vB...............v...xI.B..7...4U..........V.......q..........m...nN.T....;\.!........0...$..nX`..y@...........y...G..,.a A......C.f......|.V.w:Q......0^J..K..%...u.._......u..X@....m.a,...h......0..ZgA.$. ?..&._l........)......,...|..............$.g.].........}.\....ne7.<H-.............Bh._'86j........0o.'9..O...M.8.........e.c=/..8.m...........WP.N ..hBM.............-z6a.....:a`e........~........K.~.........[.+...g...$...6.H......._.[..]*.{.....r....B....@z..U.c.:0).c.Bt...<.h......lr....y...bT;.%....'.A.?...5.......nr.......s.p.)r...Q.)*7.q.jkl../...L}..Or....5...<.T..Gig5o.h.9../r.R....lG..qr..../..7...,.l.t..]v.._.R. ../.l.Q.(..r.........i...58.]..Q=.....M.U.9....r.... .(.c.'..L.......w.....N..l.).J.r....2..I.-.....}J...9?Z.#}G.+....g..zr......`K.J......ZONA.....0......L.R.%r....N...G...(..].0Q..z.."..1...9..r....P..].^.<?.\..iA.t..c...Zjn.~.T....r.......f.-.(0CD.......

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\level3

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):15944
                          Entropy (8bit):2.6172491539514886
                          Encrypted:false
                          SSDEEP:
                          MD5:1FFF39A55B30BB203EC2E1BF2B2AED6A
                          SHA1:5D36EFEE87303A68330937AFEE43DC2A0E3A8426
                          SHA-256:DF56A18F57FB781AB1D35A363204A1F4CBF8A48711186C2E68EB01551133D7C3
                          SHA-512:B51F35DC04C4282DAD866CDB5E152C5E13A51BBB0CFBA66ED3521016CE10F4365E44470800E983154CAEBF57C9B5C509C453F329AB6CBC90EE8A9CBA4783DE16
                          Malicious:false
                          Reputation:unknown
                          Preview:...s..>H............2019.3.15f1...................N..vB...............v...xI.B..7...4U.......m...nN.T....;\.!........0...$..nX`..y@...........y...G..,.a A......C.f......|.V.w:_......u..X@....m.a,...h......0..ZgA.$. ?..&._.............Bh._'86j........0o.'9..O...M.8.........e.c=/..8.m....r.........~<..<..oZ.....u.W.~-N.G.h.gz.r......._\?....b^fu..f/..q...`.e.T.k0r.........>..K.8.%...D.HV......3..F<..r........ .]..Z.A.N...q.jkl../...L}..O..................#...............(...K...............x...G...................#...................K...............8...7...............p...K...................G...................K...............X...K...................K...................G...............@...K...................K...................K...............0...'...............X...K...................K...................K...............H...K.................../...................K...................?...............X...'...................G...................K...................K...........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\resources.assets

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):3429596
                          Entropy (8bit):5.509634632132235
                          Encrypted:false
                          SSDEEP:
                          MD5:BA1F04999381637C80D01BED37F94A8E
                          SHA1:95CEDEB26FF4330BAA85DC8E4C36EA83B2D3F4FC
                          SHA-256:E8C8C8F38807AEBE17FFE7F41AF3F1CC1300D4CC8A316EBF29C676424D0FC1EF
                          SHA-512:B1B24553433733C849EAC2100E4C6F41447DE82DFE6AC4BD1EE78550ED073AAD743F81FF992D30A1F71F16EE6DC65C4FA4F0FA5495165B9B2DDE0F70BC3A7E85
                          Malicious:false
                          Reputation:unknown
                          Preview:.....4T.............2019.3.15f1..................q4m...)M...f..m.........d..W3{8Y.....0.......*.... ?n.Z... .1......Hk..].j...d0X..m......Hk..].j...d0X...........N..vB...............v...xI.B..7...4U.......m...nN.T....;\.!........0...$..nX`..y@...........y...G..,.a .......WP.N ..hBM...........~........K.~..r......(1@.'VV|.;..-.6Z...B...)q..-.o.r......X...O.....e..,.\.9.c.S.9X.iFZ.r......L..ke..^`...;./..P...D2....G ..r......g......L.$2TkY....7.....q6r.Jn.Gr.........D...g9".*I..xq.jkl../...L}..Or........u...l.U.....3U.......B.nwv.'[r........x.....q.....n.f]......ta.r.......c.8.....y..g.-......'.R..]R.Zr......S.oh ...h.......n...!f...b.|}S.r........o....i..;...u\3O...H.w.3....|.r......./...II..B...@D.q.jkl../...L}..Or......Ph/}.}..k.@.;....S./.....vi..r..........(2w.t..,.#+.....De.<6.f>.hr.........e..|E.b'...Kv.!.....it.n.5..r......*j.]U`.h2=...b...J.=.Y...j ....r......0.....CuY{...f%....g.Xf4.Cy...U......................................T...............h...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\resources.assets.resS

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):401780
                          Entropy (8bit):5.088753656325472
                          Encrypted:false
                          SSDEEP:
                          MD5:401D81E7E8C3053E677871AC65858AA5
                          SHA1:52F61E81EC4D64F0734CF41FA56CDBE28230F88B
                          SHA-256:52FF003D88AF0467AE14A49BF8DB9EDEDEC859EBF8D2EECBBD581AEB4C5DEB84
                          SHA-512:2353F6FC1C9A78A469F5A0BCD7B88A8E11F3C35AC199C5771D0A925EDC8A4F32EDEB4E2E5B4172BAAD8D7F54A85D3A26AA9CB6F616A50CE0561BBFD1AEEE4AC4
                          Malicious:false
                          Reputation:unknown
                          Preview:...|z.~z.}......|.zz..|.{.....z}..}..|.}{.~z..y.~..y..~x..y........}.wu.~~........~.{{..}........~....{..{..............{x.~w.|{..w..z.z.....~..~...}.|..{..}......|.w~.zz.}x..w.}|.|..~...{..x.......{..y|.}}.............|...~..{.}~.x.....~...{.~~.y......y..v.~..~.....~{..{.{..{~..~...........}.y...~..x..s.}u.|.....|........~..|..............zz..w..~....x..............}}.~w.|{.~..~........y~..|..z.~..~..z|..z.}~....}......|..z..|.v{.......}..~......}..w.}u.vy....~......}.wz.y{..~.......}.....t......{.y{.z......}.~z..........y..}{..{.|..~..}........z..y.....}........{..w...z.~.....~......~..v..z.u~.wz..z....}...~..|.|..}......y.}y.}|.z~.......w..~.....}~..}....|~.}y.~......~.~{.~~..}..}.y..|..{.....|...........}~.z{.......y.....~|..y..x.zx.x|..|.}...........|}.u~.~.........~.......y......|..x.xx.||........|.wz.}.....y...~....}.....|..u..~..|~..~.......~..t..|......{..v.~~.}..}......|....{}.z}..|..|.{..~..y{..~..}..z.|........~..{......y.}t..y.......~z.yt..s..z.{..~..}}.}z..|..........~w..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.assets

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):2136212
                          Entropy (8bit):5.73909671973426
                          Encrypted:false
                          SSDEEP:
                          MD5:8BF6FFAF87673B33C0C961D26A232B26
                          SHA1:B651FCB9F64F520D8BD04ABBEAA45F5B101F21FB
                          SHA-256:D4703B9436670B4FE6E9F029CE2B6783099B1A92F2113BB40AA98E26C3AD32DB
                          SHA-512:FB1320272F9B1FEC0EE4116A32054647B683DCE5A3D15515855CBCEEDCEA59DAB7D916639E32135192C9A081AC3AD06499B4E9139B38A5CCD7F8BFBA5960E9CD
                          Malicious:false
                          Reputation:unknown
                          Preview:..... ..............2019.3.15f1..................q...\..|...q~.........q4m...)M...f..m.........d..W3{8Y.....0.......*.... ?n.Z... .......j.S""h.h....N............E.>....PB.a"I......;~...Vg..o.9Y.<..........N..vB...............WP.N ..hBM...........~........K.~..r.......:O./..h._..`.x.z...^S.U.=......r......U>. m..J...R..n012......H...b.r............P..3.z.^..='4....!L...r........<.T..Gig5o.h.9../r.R....lG..qr.........i...58.]..Q=.....M.U.9....r.......f.-.(0CD........;...\.....@,r.......I.-.....}J...9?Z.#}G.+....g..zr.......7...,.l.t..]v.._.R. ../.l.Q.(..r.......I.L..Qa[58....;....7.@....T..or.......%w..!|16.d.7X&.........].`.w#..r......M.........v..!...."GM.R.2~N.Z$r......9..O$[n}..$.~..M.^^...i.`.&.e.r...............jn..D..FW.h..?rI.|....r.........y..3..^C.\F]I..43.&].:..].Gr......./!_i...;1G.t...*.....LF...wv.#.r......3.S.p....mX..}......<.`.nl...r..........a]f...X.CC.n.3...9.d..%.."h@.................m...............p...................0...........

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.assets.resS

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):5188264
                          Entropy (8bit):2.845494016678944
                          Encrypted:false
                          SSDEEP:
                          MD5:A86A1769867C9E9C6018D6B29528F524
                          SHA1:52F72360D0184DAA820D10154EF99AE4580C0704
                          SHA-256:560E3C8D8DF7046275C0B5C9284F9F8FBBF81400A93E708C33DE9355D9A1D2B9
                          SHA-512:878C2751504EACBDBDBF78917D896592B2259AB49CC202FD74549891E93ADA756CB5A044CC26A3FAE5A42DEFD0465BDFB06F5B3537325F2A5EF2D13A6487E12A
                          Malicious:false
                          Reputation:unknown
                          Preview:...........sU.....I.$I.$...sU.....I.$I.$...sU.....@. ......sUP@@..I.$......k......I.$......k...............sU.....I.$I.$...sU.....I.$I.$...sU.....I.$I.$...sU.....I.$I.$...sUTTT..I.$I.$...s......I.$I.$..........I.$I.$..........I.$I.$..........I.$I.$...k......I.$I.$...s......I.$I.$..........I.$I.$..........I.$I.$...s@@@@..I.$I.$...k......I.$I.$...k......I.$I.$...s......I.$I.$..........I.$I.$..........I.$I.$..........I.$I.$...sTTTT..I.$I.$...s......I.$I.$..........I.$I.$..........I.$I.$..........I.$I.$...k......I.$I.$...s......I.$I.$..........I.$I.$..........I.$I.$...s@@@@..I.$I.$...k......I.$I.$...k......I.$I.$...s......I.$I.$..........I.$I.$..........I.$I.$...............$...sTTTT...........s......I.$I.$..........I.$I.$..........I.$I.$...s...@.......$...k...............s...U..I.$I.$...s...U..I.$I.$...s...U.......$...s@@PU.....I.$...k.........I.$...k...............s...U..I.$I.$...s...U..I.$I.$...s...U..I.$I.$...s...U..H.$@.$...sTTPU..I..I.....k......I.$I.$...k......I.$I.$...k........ ..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets0.resource

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:WebM
                          Category:dropped
                          Size (bytes):3703013
                          Entropy (8bit):7.8957441013500835
                          Encrypted:false
                          SSDEEP:
                          MD5:F66FEC8C47E8E33FDEE258A4FDCF3B2A
                          SHA1:C159A4971282DC29977C4E743E0EAB7150FDF9B9
                          SHA-256:F2CF2A53439E6ED3D9F2EA5FE74FA408E7838D3ABB3C8FFE9D9D821DF3D9DC59
                          SHA-512:32D9EDEE5B4A4680CCCC8715526799E95A3D0848B004057EA21D91ABEB9E85663396E71CF25AE3EE5DFF0521065ED03A7766A2AA0E4CCFAE4588D5FA935A79BB
                          Malicious:false
                          Reputation:unknown
                          Preview:.E..B...B...B..B..B..webmB...B....S.g......:..M.t.M..S...I.fS..nM..S...T.kS...M..S...C.uS...M..S...S.kS...8................................................I.f.*...B@D..E...M..Unity VP8VideoMedia 2019.3.4f1 (4f139db2fdbd)WA.vp8 v1.3.0.T.k.....s...........V_VP8........T...T...#..A...C.u......&A...c.....f...*................+.i....q@_:.s.].........'..._....o.........g........y..........{.%.!...+.?.......5...^......?..7....2.....?....!...!......A.".c...g.'............@.5.O.G./._C.w.;.K...'.f.~........?././......C.....O...1..},.)............=..................'..........._.....N=..wp...,|...A5....c...>.1)].{.a.a......Q..f.......c}..d..mY.c..i..3...A...U......>...J...R.C.-Cq,+`.Z.q....k..&..>.E..x..\...........u..6.Hh.'d./.I!.D.q...&..7..".$..zU..a.O....^...E.F....'..2....G...D.N.7..gk..ZF.e....0ff... .][..{...{....D.7...2..y..8...f.....w. ...L._..M.....0\...*6.8A..4...S.6......p&...o#....V"M..B.?gU......C.n..*.%0..=...,..y.....7.....m.Ce..Wi

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets1.assets

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):20659020
                          Entropy (8bit):5.9593194950493515
                          Encrypted:false
                          SSDEEP:
                          MD5:FC04300E01AFFE9695CB94BD1BD5CF03
                          SHA1:053AFD49B30DFA5FC7186457F3A5054F63E30A5D
                          SHA-256:14EEA78B41B300C865ABEB6D00DE7DDB7673F6C9CF4318D250C54B27F0CDDCB8
                          SHA-512:CA78FFA5F657084AE5C3B8BC826EADE5A975278A16E10365F25D9211F81D2A6FFAB78A47F03D960065BD12D546B55DFAF0A5CD1FC6C40810211818153915DE8F
                          Malicious:false
                          Reputation:unknown
                          Preview:..~f.;;L......~.....2019.3.15f1......d...........q...\..|...q~.........q4m...)M...f..m.........d..W3{8Y.....+......kYK..z...g(....u0.......*.... ?n.Z... .1......Hk..].j...d0X..H........R......*CV.r/J............E...w...T......n._^..K..\.'..7YZ.........|..e........[..........+..y;............E.>....PB.a".........N..vB...............v...xI.B..7...4U.......m...nN.T....;\.!........0...$..nX`..y@...........y...G..,.a A......C.f......|.V.w:R......a]".. k.p..T.<U_......u..X@....m.a,...l........)......,...w.......2.=...y9'2...`x.......s..........+..........WP.N ..hBM.............-z6a.....:a`e........~........K.~.........[.+...g...$...6.r....(.h....`S\nR...gc..J...Amr..<?.r....<.n..k.u.k.P../....j.lT.Y....x..r....0.-(O.$i..SpG+._!c8....../.P.....dr......,{.m.D......Z_.....1e...Q..v.WV&r....:.....O2.O^..Z..6Q.9... ..../.#r.........fB.Kp{E.!...{q..+..O.5...mE<r....5...#....r4>s9...ro.ya.....^U..r....*...i.F.@J..!.............R.`....r....H....i...58.]..Q=...

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets1.assets.resS

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):6540712
                          Entropy (8bit):6.0771794041322975
                          Encrypted:false
                          SSDEEP:
                          MD5:C1780FB5A331F4AB9C9EB9D311E6ECDB
                          SHA1:95E39A02A420E9DD71E32015FAC0905A4BD6EF75
                          SHA-256:1AA9FC70160D038AB95C25C540C6FF9595597188A10E46D55EA279E7279C00EE
                          SHA-512:02DFAACBFBE53E77B4AF527327D8EB6934021A17C8FAFCC34DF4FC9D51F5848F1F72B3E119F137891C4A0F51A684832AA4C2C947C80F7EE1636B48FCBD13F962
                          Malicious:false
                          Reputation:unknown
                          Preview:***.***.***.***.444.444.444.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.444.444.444.***.***.***.***.***.***.***.***.444.444.444.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.444.444.444.***.***.***.***.***.***.***.***.444.444.444'222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.222.444'444.444.***.***.***.***.***.***.***.***.111.111r111.........................................................................111.111r111.***.***.***.***.***.***.***.***.222.........................................................................................222.***.***.***.***.222.222.222.222.................................................................................................111.111.111.111.333.333.333-111.................................................................................................111.333-333.333.222.222.222.............................................................................................

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets2.assets

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):241720
                          Entropy (8bit):6.0624831223288185
                          Encrypted:false
                          SSDEEP:
                          MD5:8505B5192711DAADAE4887F092E9FE78
                          SHA1:291B10ADFD7CDDA16C010E55563B1B6541DAC5DD
                          SHA-256:87B38F3A98A58FB191FF3F4E3973969B705B8CE75FAA9D35C7A1A96419593F51
                          SHA-512:A0FCB3DEA4710D9F2F9CEC718DF9778F8B4A4F96ADFD86B86DDA5B9BFCC35BC6B322024014560ABA7BD81CEDDE8C1291DCC6638B4DBEFB0124D3CA4CDEB80F56
                          Malicious:false
                          Reputation:unknown
                          Preview:...J...8.......`....2019.3.15f1......!...........q...\..|...q~.........q4m...)M...f..m.........d..W3{8Y.....+......kYK..z...g(....u0.......*.... ?n.Z... .Z.........|..e..................E.>....PB.a".........N..vB...............v...xI.B..7...4U.......m...nN.T....;\.!........0...$..nX`..y@...........y...G..,.a A......C.f......|.V.w:.......WP.N ..hBM...........~........K.~.........[.+...g...$...6.r......W.#.`X.....<..:5.*.`Z(..e..IUr........<.T..Gig5o.h.9../r.R....lG..qr.......C.Ie.V..{.V?`.q.jkl../...L}..Or.........i...58.]..Q=.....M.U.9....r......*.55....F."....;...f...9 }..|r.........j.....{.J.1../.Bk..].X`}.>.fr......k..j:._..?4....J/.Bk..].X`}.>.fr......(.c.'..L.......w.....N..l.).J.r.......f.-.(0CD........;...\.....@,r........@...Jq....l.kw..%p.a4.._.s.@$r......Kc..s.m.X..N5>h./.Bk..].X`}.>.fr.......fO...m....?.6'q.jkl../...L}..Or.......T.-..Hu......[..=..&..i.iP)..r............|.3g.u..e.Z.#}G.+....g..zr......c(.(..........x.fEy.B^..e+B...r.....

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets2.assets.resS

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):3505008
                          Entropy (8bit):6.141328487165076
                          Encrypted:false
                          SSDEEP:
                          MD5:34F5359EE5D7141420176BAED6254E33
                          SHA1:00EFE0315329B34EDE8C354CA1261413DFA64A9C
                          SHA-256:5BBFC90A753242AA721C467F5EB761B1F00DEF77D5D950BB9E39E2DA7A308186
                          SHA-512:3F3B89407D32054BEAB71E091108FA24CE2FC28BA92EF8C6DEE7977F1E43ABC7E783854DEFFAC7B177F0ECFDC6F8CFA96C58934D81830DEE1C508FEC91A17379
                          Malicious:false
                          Reputation:unknown
                          Preview:Hx.nu..............................n..d.+.......%........................#...............b......................a... ..9T.C....@. a.%.#.U.y...T....h..v...4..A.\......@.pR.R...[u*D....n{n..S.J.z. .....E.... .B`..h@..NC_.l.%x....z.\...5.B..+...h.xj..SL...........P........45.%.....H.d}F.C@.U....J+.......x.zm..{.T...Pa7.O..G....\....X.. '(..B."....Q...`..L...A.@.....ZUR........%D.D...D.Qj.H............%....V..<D....E,..H.d.E'.....m*..4.r!.k...?..)..(_@L.@b....RP.K.%.X..n...-...BLI..W.E...i.J....RA."6.D.."..I...M.+.(Ep.`...'v...F....4.nYz...YlR..!zT.(...xTP%XSKR.RJ.. 9a...AI,....X.../....8B.Gj. .D..R5C..l.U8...9a.....Aj.m.B...r.d.l$-..R.B.p.)$.K..."0....B%.(..-.^CV....H.#..E.V...!...K.. .kUf..Qr/.K.y......Z.,{BT.r).B.E.c.:..hDH........pDq.....7.Z.`?..n...D..........V...R..m9....:.FZ|/8.#.f.N.!0t.`4."9J.)`.&.l...........`I.n......6......n..4.l.L..VYJ..@_:..f.h.cZ.R..".Q......-.$Yy~,$.4.......tc.r..$.d.;@_...W...q..]...r..0....[i._6.zza..K>..!..l`..Z..G..[(..TjH9.VU..

                          C:\Program Files\Ortelia Curator\OrteliaCurator_Data\sharedassets3.assets

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):12968
                          Entropy (8bit):1.456045138022088
                          Encrypted:false
                          SSDEEP:
                          MD5:F47108A936DC4291F00203E93D113AC5
                          SHA1:01B15CF5896DB7665B9C3E0D09665C9CFB64F3F4
                          SHA-256:10552F340D7B8E600B738F9C54CB05BA29CE5417B94D7B06F1F0FE117A7F9DAF
                          SHA-512:D541315004B0AB4A705001D02B8AB802E0EEA249D38232AE0CA016993366815EA0BCE3C6D23011C26A98C8275BEDB51A8AA8009D3F921CEC090EBEF359A3E307
                          Malicious:false
                          Reputation:unknown
                          Preview:......2.............2019.3.15f1..................q...\..|...q~.+......kYK..z...g(....u.........N..vB...............v...xI.B..7...4U.......m...nN.T....;\.!........0...$..nX`..y@...........y...G..,.a r.........#..j.[....#`oK<8..Nv^ i..2..r......]......]c..0...yq.jkl../...L}..Or......i......,....r.(..q....... ..r............^W10K\yB.i_rJ.y....."Dw.&.................M...............P................... .......................k...............`...k...................g...............8...3...............p...k...................D...............(...D...............p...D...................D...................t...............x...........................................................(.......................................................................................................0...............H...0...............x...0...................0...................................`... ...................4...................................@... ...............`...4....... ...........4...

                          C:\Program Files\Ortelia Curator\Spaces\Default.ocs

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):2148131
                          Entropy (8bit):7.999908104570198
                          Encrypted:true
                          SSDEEP:
                          MD5:E92944EF8F1276B6B99EA1381F017C76
                          SHA1:0A002D83A7314C625F99AC2BBB9F7910CBF32252
                          SHA-256:8261A85A22B2C16C5AF329EFEA9252DC893048BA90440D1DC4D597BDA9ADF1F7
                          SHA-512:9E9D52C584C7B7F1FE59F964DC9DD813A870BD114CD7DC9602162C8AABBB8DC4C110FDA112DBD447F60F6204EE0DE20861C07B4AD608DA6B6F7E59FE9BB89276
                          Malicious:false
                          Reputation:unknown
                          Preview:UnityFS.....5.x.x.2019.3.15f1...... .#...Q.......C............ ..A..............BuildPlayer-Default.sharedAssets-..Q.>...5.Pault.].......\.QwM..(..BH.......G......Q.t....6..~.hl<()C....[Y-.>)....Z.Q..Y..6...g........G<%....i...]..`.,...<L.'....4.Gz_I.....e..g........Ra...m..v4.:.<O@PL...S...6P.. .h...I...W^Y.....H.d.m.J.h_....`..F.._.........rS.-t..T..=..R.C...L..._. ..^..j_..n...^...+w:....!.B.....{......._..N...t#{.f7.... ........>..n....^ub.S+..Gg..p.+.D....E+C...ad...a...#.pJ4.......4f"0..Q....1....N..K.[&...~..h..h.. BB.....*.5.R.......tR...zM....`..".8.......F...M;g.L.8.Lq.)Vx(.O*...(..i."..!.4.......;j6s..v.eF,.>.hi..l.^....3..L.Q.+....f..uNU...j,I...z...|..H.W.#.r.:c..g[.....E..#<.......2;. ..do.-Ii...d..>+{.Q.4.z.xG.t.....u...C.8g.d.a../...*....t|.......w...m...d...$K.V.1"(.Y....8a.j-$V....-....s;......a.<+......A>....d.r..<...v...Q..#.&1..?...c".7.....:sV.aY..>..o^..7..;..G,.[..>..i..E(..(.....,pZ....p...2.`./n..^9(...FB~.

                          C:\Program Files\Ortelia Curator\UnityCrashHandler64.exe

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):1094600
                          Entropy (8bit):5.415348737237139
                          Encrypted:false
                          SSDEEP:
                          MD5:49EA482DBE2AB3DA2A0768821AB77B03
                          SHA1:5FB92038A616A267ACFE88550A577AA627E28017
                          SHA-256:320ABF0C8BC29A6139061FC5E950B10B301D056EF97C9E800B8AEC78745FAD50
                          SHA-512:E99F91B27BF30632227F9C55161E922F4E15D4A89833FCC7B7717ECD95D476C6E51EABE333F46B3DA57C06D468B03CAC4AF0B541469D9FA2150EAD54510537D5
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........p.R.............u.......u.......u..$............y.......y.......y.......u.......u..........m....x.......x.......x.......x......Rich............................PE..d...M..^.........."............................@....................................L.....`.............................................................(....P..,|......................T.......................(....................................................text............................... ..`.rdata..............................@..@.data....j.......(..................@....pdata..,|...P...~..................@..@.rsrc...(............j..............@..@.reloc..............................@..B................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\UnityPlayer.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                          Category:dropped
                          Size (bytes):25850312
                          Entropy (8bit):6.656537510994745
                          Encrypted:false
                          SSDEEP:
                          MD5:A66EC5509EE2F6947E26B0C7FBEE1FA7
                          SHA1:076E7F97FF57335D73E12B2A039B2ABD3BEB974C
                          SHA-256:F4C8A1E2E4757230DF9DAFCB2BA76F5C6AB9113388C65E5EF6A6D45963E1CE81
                          SHA-512:7FDC294D9614B8D5B93A2E5DAAC362C8B894C850F0AE1EADFB5E6D5D831CA3922C29FB3FBEC10C8B518E50C674EB0A53EA4C738B816285E74C646E0555F0DCC2
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$.........U.....................................x................A......................Q.......o.....g...........N....................................................................................=.............Rich....................PE..d...~..^.........." .....DA...W.......:..................................................`..........................................jt.L...,kt.|....@..............Z.......P..8c....c.T.....................c.(.....c..............`A..............................text...@BA......DA................. ..`.rdata...@3..`A..B3..HA.............@..@.data.........t.......t.............@....pdata..............tx.............@..@.rodata..............2..............@..@_RDATA..0............>..............@..@.rsrc........@.....................@..@.reloc..8c...P...d..................@..B........................................................

                          C:\Program Files\Ortelia Curator\uninst.exe

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                          Category:dropped
                          Size (bytes):58718
                          Entropy (8bit):6.551457261923726
                          Encrypted:false
                          SSDEEP:
                          MD5:95E8BE2B960F1AEAA7F74B704D7FECDD
                          SHA1:60A20CD1BF83EB60E1C06EF78FD705BD286CD6A9
                          SHA-256:170B6874487F033EFC569DDDDD1134888DF9083D62B6C504B8A011C5B5D845C1
                          SHA-512:21C0A0466F7CFC7E7EAE1F7D1FC606A2363DA77626A7DBF64746D3698D90559E64416678F2B72E976A9A69AC7F760140DA656C5AE064B0A3B2FA12836A6A00C7
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L...9.oZ.................d...|.......2............@.......................................@.................................4...........@K...........................................................................................................text....b.......d.................. ..`.rdata..T............h..............@..@.data....U...........|..............@....ndata...................................rsrc...@K.......L..................@..@................................................................................................................................................................................................................................................................................................................................................

                          C:\Program Files\Ortelia Curator\vc_redist.x64.exe

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):14572000
                          Entropy (8bit):7.996598244898582
                          Encrypted:true
                          SSDEEP:
                          MD5:27B141AACC2777A82BB3FA9F6E5E5C1C
                          SHA1:3155CB0F146B927FCC30647C1A904CD162548C8C
                          SHA-256:5EEA714E1F22F1875C1CB7B1738B0C0B1F02AEC5ECB95F0FDB1C5171C6CD93A3
                          SHA-512:7789EABB6DD4A159BB899D2E6D6DF70ADDB3DF239BDA6F9EAD8C1D2A2AC2062FCE3A495814B48A3C2BEC12F13800AD0703E2C61C35158B0912011B914F098011
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........-.}}~.}}~.}}~...~.}}~...~.}}~...~.}}~...~.}}~.}|~.|}~...~.}}~...~.}}~.}.~.}}~...~.}}~Rich.}}~........PE..L....S.T.....................6....................@..........................P...........@..................................6..@........9..........(....>......03.. .......................H/......./..@............................................text............................... ..`.rdata.............................@..@.data....0...`.......:..............@....wixburn8............J..............@..@.tls.................L..............@....rsrc....9.......:...N..............@..@.reloc...D.......F..................@..B................................................................................................................................................................................................................................................

                          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ortelia Curator\Ortelia Curator.lnk

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Mar 3 23:58:48 2022, mtime=Thu Apr 25 00:15:24 2024, atime=Thu Mar 3 23:58:48 2022, length=650752, window=hide
                          Category:dropped
                          Size (bytes):950
                          Entropy (8bit):4.4659122904477
                          Encrypted:false
                          SSDEEP:
                          MD5:4A5D3FCBA91304E983742B68CD35827D
                          SHA1:4A973E71697FD3BAA412C9CCB47AE4BE2282527D
                          SHA-256:F2D5953CA6F4276A6681F1284E8912E75F1A4EF2087D29C68E61F21279128EAE
                          SHA-512:732045144B0909E0ABEB9576F2B96F27316C73E4E5F19FADB715044A4F5711D8A69B408B7A280B6A7F0253892618C12960F2087BF53338D7D845C8BDDCF7DA9A
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.... .....r.c/..."........r.c/...............................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~1..t......O.I.X......B...............J.......R.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1......X....ORTELI~1..P......X...X......%....................../.O.r.t.e.l.i.a. .C.u.r.a.t.o.r.....r.2.....dTX. .ORTELI~1.EXE..V......dTX..X......i.........................O.r.t.e.l.i.a.C.u.r.a.t.o.r...e.x.e.......b...............-.......a............<.......C:\Program Files\Ortelia Curator\OrteliaCurator.exe..B.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.O.r.t.e.l.i.a. .C.u.r.a.t.o.r.\.O.r.t.e.l.i.a.C.u.r.a.t.o.r...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.O.r.t.e.l.i.a. .C.u.r.a.t.o.r.`.......X.......887849...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                          C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ortelia Curator\Uninstall.lnk

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                          Category:dropped
                          Size (bytes):623
                          Entropy (8bit):2.8097824442159105
                          Encrypted:false
                          SSDEEP:
                          MD5:C503EF8DE555BE3A7BE5F05728B7145F
                          SHA1:B239D23103B3BBFF7D0C2C86403D5802A6A02A57
                          SHA-256:402BC6EAE068F6628B407A90020D9B75A81224A56FD7CE23F0E832BF8CAA714A
                          SHA-512:5C1EC2F87D6758609E7807F14F67D6D57A894BAC46F7FB3E215194932AAD6E5AB5CFB49DA46BD2AFD3E4C6C8BDFBF863E1418D414A9D2BB7CEE35924429BA52F
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F........................................................e....P.O. .:i.....+00.../C:\...................h.1...........Program Files.L............................................P.r.o.g.r.a.m. .F.i.l.e.s.....n.1...........Ortelia Curator.P............................................O.r.t.e.l.i.a. .C.u.r.a.t.o.r.....`.2...........uninst.exe..F............................................u.n.i.n.s.t...e.x.e.......:.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.O.r.t.e.l.i.a. .C.u.r.a.t.o.r.\.u.n.i.n.s.t...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.O.r.t.e.l.i.a. .C.u.r.a.t.o.r.....

                          C:\Users\Public\Desktop\Ortelia Curator.lnk

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Mar 3 23:58:48 2022, mtime=Thu Apr 25 00:15:33 2024, atime=Thu Mar 3 23:58:48 2022, length=650752, window=hide
                          Category:dropped
                          Size (bytes):932
                          Entropy (8bit):4.472844265050472
                          Encrypted:false
                          SSDEEP:
                          MD5:08DE7B2E0F4F03D45603D629DDC090AF
                          SHA1:E204D28CB6D6405FC7C2A659FA73D195379ED348
                          SHA-256:4B114C8060A2EB3304602A86D7D9E813BC4A6DDBFD09F69D61141FA13B80DCAF
                          SHA-512:AAFD364D0F226397D832E30718D0B96FC0D305D5EB48A1BF3B59EC05A5EAB1D0DBAB8919162F8A3505B317641FB8C613BBDDF80E8A01B63BEC7F2770B6E9C92E
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.... .....r.c/...'9.......r.c/...............................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~1..t......O.I.X......B...............J.......R.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1......X....ORTELI~1..P......X...X......%.........................O.r.t.e.l.i.a. .C.u.r.a.t.o.r.....r.2.....dTX. .ORTELI~1.EXE..V......dTX..X......i.........................O.r.t.e.l.i.a.C.u.r.a.t.o.r...e.x.e.......b...............-.......a............<.......C:\Program Files\Ortelia Curator\OrteliaCurator.exe..9.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.O.r.t.e.l.i.a. .C.u.r.a.t.o.r.\.O.r.t.e.l.i.a.C.u.r.a.t.o.r...e.x.e. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.O.r.t.e.l.i.a. .C.u.r.a.t.o.r.`.......X.......887849...........hT..CrF.f4... ..............%..hT..CrF.f4... ..............%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                          C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20240425031534.log

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):6499
                          Entropy (8bit):5.427447552735552
                          Encrypted:false
                          SSDEEP:
                          MD5:CAAB590072F78A524184968472F65BEB
                          SHA1:B104308851D68AAF24FB4C70B46C22E3B313F0B0
                          SHA-256:EA50FF97DDF598EEB574F1B4919AAB58F05E19240197CA27A55797B734B44161
                          SHA-512:4EF028CDBF81886BD19A54489AF5480F1C2214E22AD0CDD77A0778629F711267210FED403A48056708070B4FA624246E0B911299846EAC127FBE66DBDCE515BD
                          Malicious:false
                          Reputation:unknown
                          Preview:[0504:0B2C][2024-04-25T03:15:33]i001: Burn v3.7.3813.0, Windows v10.0 (Build 19045: Service Pack 0), path: C:\Program Files\Ortelia Curator\vc_redist.x64.exe, cmdline: '/silent -burn.unelevated BurnPipe.{43283AE4-5BB8-44FA-9263-CFC3EA715B84} {2CADAC6A-0855-4F21-A415-28FC270B2FA9} 8188'..[0504:0B2C][2024-04-25T03:15:34]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20240425031534.log'..[0504:0B2C][2024-04-25T03:15:34]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Program Files\Ortelia Curator\vc_redist.x64.exe'..[0504:0B2C][2024-04-25T03:15:34]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Program Files\Ortelia Curator\'..[0504:0B2C][2024-04-25T03:15:34]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026'..[0504:0B2C][2024-04-25T03:15:34]i100: Detect begin, 10 packages..[0504:0B2C][2024-04-25T03:15:34]i000: File sea

                          C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\AccessControl.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):13312
                          Entropy (8bit):6.070204506937138
                          Encrypted:false
                          SSDEEP:
                          MD5:9E7D36EDCC188E166DEE9552017AC94F
                          SHA1:0378843FE1E7FB2AD97B8432FBDCB44FAA6FC48A
                          SHA-256:D52A83C2A8551CEBF48FF7A8D5930BE1873BCE990F855CCAB4D7479CFEB22E3D
                          SHA-512:92C31355CD124BA28C0FF9AA8FA34D5DB9DB0B093EDB8978BC3CF94E1F72D526603D5D5C1E221DCB2AC6648BC420F4DF9847C2B1E71046384D827814A77D1783
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......wR..33..33..33..g.O.23......43..33~..3......23......23......23..Rich33..........PE..L.....S...........!.....*..........42.......@...............................`.......................................6.......2..P............................P..X....................................................................................text....).......*.................. ..`.data...\....@......................@....reloc.......P.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\InstallOptions.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):14848
                          Entropy (8bit):5.560334865276154
                          Encrypted:false
                          SSDEEP:
                          MD5:8D5A5529462A9BA1AC068EE0502578C7
                          SHA1:875E651E302CE0BFC8893F341CF19171FEE25EA5
                          SHA-256:E625DCD0188594B1289891B64DEBDDEB5159ACA182B83A12675427B320BF7790
                          SHA-512:101DA2C33F47BD85B8934318E0F0B72F820AFC928A2A21E2C7823875E3A0E830F7C67F42B4C2F30596EAA073617790C89700C0D95B7949EC617E52800B61D462
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.p|.q./.q./.q./.q./Bq./.~C/.q./\R./.q./\R//.q./.w./.q./.Q./.q./Rich.q./........................PE..L.....oZ...........!.........<.......).......0............................................@......................... 8..p...<1.......p..........................D....................................................0..<............................text...K........................... ..`.rdata.......0....... ..............@..@.data... (...@.......*..............@....rsrc........p.......2..............@..@.reloc..B............4..............@..B........................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\UserInfo.dll

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):4096
                          Entropy (8bit):3.2896406395237476
                          Encrypted:false
                          SSDEEP:
                          MD5:DADA3E1836AF78D5B24499DA252D01E4
                          SHA1:D2A1C25405E3C74973CF18DEC2C7138DF9E96A83
                          SHA-256:0073337816509851476C2CC154F471A3E3A1A2806B97C363870ACC09A30A5ED7
                          SHA-512:F8BDA8413DADB00A644341DA5E076F203A3134DAAEFD2961FA0341F5A533EEE28582CE9872354EAD698BB1275EE7726FA574267E909A3E2F977908392E7A5C66
                          Malicious:false
                          Antivirus:
                          • Antivirus: ReversingLabs, Detection: 0%
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L.....oZ...........!................i........ ...............................P............@......................... "......L ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...x....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\ioSpecial.ini

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:Generic INItialization configuration [Field 1]
                          Category:modified
                          Size (bytes):690
                          Entropy (8bit):5.346413806773599
                          Encrypted:false
                          SSDEEP:
                          MD5:4254899D88F343B95F1BC71E7EE69FD3
                          SHA1:FC83E809786F6FA92FDACF736A59E41741D748B6
                          SHA-256:C0F492BC5651A1FA043D2B325455A318129F8AFF945F5C8CF69F9AE9D50B67B9
                          SHA-512:2AC322575BE71D78D91C7F977756923819453E5A9E92FC7ACB417497885AD3C8FF40DFCB283947E49A5063FEBF3B30F2914AA9BEC9279DB5A8E8FAB4037B4619
                          Malicious:false
                          Reputation:unknown
                          Preview:[Settings]..Rect=1044..NumFields=4..RTL=0..NextButtonText=&Finish..CancelEnabled=..State=0..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\modern-wizard.bmp..HWND=590612..[Field 2]..Type=label..Left=120..Right=315..Top=10..Text=Completing Ortelia Curator 2022.1.0.1 Setup..Bottom=38..HWND=328428..[Field 3]..Type=label..Left=120..Right=315..Top=45..Bottom=85..Text=Ortelia Curator 2022.1.0.1 has been installed on your computer.\r\n\r\nClick Finish to close Setup...HWND=328440..[Field 4]..Type=CheckBox..Text=&Run Ortelia Curator 2022.1.0.1..Left=120..Right=315..Top=90..Bottom=100..State=1..HWND=393970..

                          C:\Users\user\AppData\Local\Temp\nsu8A79.tmp\modern-wizard.bmp

                          Download File
                          Process:C:\Users\user\Downloads\CuratorSetup.exe
                          File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                          Category:dropped
                          Size (bytes):26494
                          Entropy (8bit):1.9568109962493656
                          Encrypted:false
                          SSDEEP:
                          MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                          SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                          SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                          SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                          Malicious:false
                          Reputation:unknown
                          Preview:BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1028\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):19250
                          Entropy (8bit):3.864921893310236
                          Encrypted:false
                          SSDEEP:
                          MD5:EFA0E0316DBE1D01B04DB8AE55216E89
                          SHA1:99E9A3879E14465D3ABE47E03A0EB52ECB7C1FCC
                          SHA-256:D5147EE2BA7826D5B68E0DC10FC2AC95079F89C38264C5648D924DEC9290D085
                          SHA-512:B544D5C585981DDADF1822403FFF5A4765031C2B484AB88A821C626B88CA3286269B1914E2F39B7D25AE748B69C8BC8D5CE7141BF72ACACC09E1888F623C3E38
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset136 PMingLiU;}{\f2\fswiss\fprq2\fcharset0 Segoe UI;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sb120\sa120\cf1\b\f0\fs20 MICROSOFT \f1\'b3\'6e\'c5\'e9\'b1\'c2\'c5\'76\'b1\'f8\'b4\'da\f0\par..\pard\brdrb\brdrs\brdrw10\brsp20 \sb120\sa120 MICROSOFT VISUAL STUDIO 2015 \f1\'a5\'5b\'ad\'c8\'a1\'42\f0 VISUAL STUDIO SHELL \f1\'a9\'4d\f0 C++ REDISTRIBUTABLE\par..\pard\sb120\sa120\b0\f1\'a5\'bb\'b1\'c2\'c5\'76\'b1\'f8\'b4\'da\'ac\'4f\'a1\'40\'b6\'51\'a5\'ce\'a4\'e1\'bb\'50\f0 Microsoft Corporation (\f1\'a9\'ce\'a8\'e4\'c3\'f6\'ab\'59\'a5\'f8\'b7\'7e\'a1\'41\'b5\'f8\'a1\'40\'b6\'51\'a5\'ce\'a4\'e1\'a9\'d2\'a9\'7e\'a6\'ed\'aa\'ba\'a6\'61\'c2\'49\'a6\'d3\'a9\'77\f0 ) \f1\'a4\'a7\'b6\'a1\'a6\'a8\'a5\'df\'aa\'ba

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1028\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):2980
                          Entropy (8bit):6.163758160900388
                          Encrypted:false
                          SSDEEP:
                          MD5:472ABBEDCBAD24DBA5B5F5E8D02C340F
                          SHA1:974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
                          SHA-256:8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
                          SHA-512:676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ................. ......................../passive | /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1029\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):11775
                          Entropy (8bit):5.279979878308355
                          Encrypted:false
                          SSDEEP:
                          MD5:FD8353F3BC88A47B8880B59A5DAD3F03
                          SHA1:22E908EF2DD80221CDE6C2BB1AE27099C5F5697D
                          SHA-256:2428E8BA8FC9648422333B6B4B92FB476741FC1022DE7CB59D030EC35CC21AC7
                          SHA-512:44FF2DF62CB7381EB247800CA4B9566747E1A7A2A2321A002D7F49681ECBC5E797C91B56EA80B99565D3ACFCD38DD1444C616A7E17F5F4D2923E6124E99EB7F0
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 LICEN\u268?N\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\u268?NOSTI MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 DOPL\u327?KY PRO MICROSOFT VISUAL STUDIO 2015, SOFTWARE VISUAL STUDIO SHELL A C++ REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0 Tyto licen\u269?n\'ed podm\'ednky p\u345?edstavuj\'ed smlouvu mezi spole\u269?nost\'ed Microsoft Corporation (nebo n\u283?kterou z\~jej\'edch afilac\'ed v\~z\'e1vislosti na tom, kde bydl\'edte) a\~v\'e1mi. Vztahuj\'ed se na v\'fd\'9ae uveden\'fd software. Podm\'ednky se rovn\u283?\'9e vztahuj\'ed na jak\'e9koli slu\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\'ed odli\'9an\'e9 podm\'ednky.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidc

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1029\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3333
                          Entropy (8bit):5.370651462060085
                          Encrypted:false
                          SSDEEP:
                          MD5:16343005D29EC431891B02F048C7F581
                          SHA1:85A14C40C482D9351271F6119D272D19407C3CE9
                          SHA-256:07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
                          SHA-512:FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive | /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1031\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):12146
                          Entropy (8bit):5.128850756720655
                          Encrypted:false
                          SSDEEP:
                          MD5:B4A1F60A329E18DD44C19F91E19E9A0D
                          SHA1:9A27B68A23BE4AA2CBD1F0F4D4616DF52A74134F
                          SHA-256:C017EDFE3B0D308E20FBF3DE8795FD4451A530475A2D0EE0824E166045EADFB7
                          SHA-512:D7E571B66271F82C275FE7B83C67679352B9B37AACBC13692346F8D56D01F4C61001B46C64F118F3165DE39B5F6DD625703996E1A181743BFDF2263F50707067
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1031\b\f0\fs20 MICROSOFT-SOFTWARE-LIZENZBESTIMMUNGEN\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 ADD-ONs ZU MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELLS und C++ REDISTRIBUTABLE \par..\pard\nowidctlpar\sb120\sa120\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem mit Microsoft verbundenem Unternehmen). Sie gelten f\'fcr die oben genannte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b WENN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, VERF\'dc

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1031\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3379
                          Entropy (8bit):5.094097800535488
                          Encrypted:false
                          SSDEEP:
                          MD5:561F3F32DB2453647D1992D4D932E872
                          SHA1:109548642FB7C5CC0159BEDDBCF7752B12B264C0
                          SHA-256:8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
                          SHA-512:CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive | /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1036\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):12019
                          Entropy (8bit):5.040545489557448
                          Encrypted:false
                          SSDEEP:
                          MD5:6F70759DF32F212DBB65464258ECEEAF
                          SHA1:F8C597E00968431A66DCDD79A8DE95705976D39E
                          SHA-256:C7F03DA5D9A7F689B8DCBD507FF0B3FA98DABA55616F902E5E47E9839B753E1F
                          SHA-512:99309C17AF1A323AB905A3B610B46B9CE9201CF7083103D990CC4C6B509F28743D99A9BC17DFA7E89EDE4496BAC30FD86C9356ABA9F292BFBF591CE6B6B7EF3E
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\fbidis\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}{\f1\fswiss\fprq2\fcharset177 Tahoma;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\ltrpar\nowidctlpar\sb120\sa120\lang1036\b\f0\fs20 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \ltrpar\nowidctlpar\sb120\sa120\lang1033 COMPL\'c9MENTS MICROSOFT VISUAL STUDIO\~2015, VISUAL STUDIO SHELL et C++ REDISTRIBUTABLE\par..\pard\ltrpar\nowidctlpar\sb120\sa120\lang1036\b0 Les pr\'e9sents termes du contrat de licence constituent un contrat entre Microsoft Corporation (ou en fonction du lieu o\'f9 vous vivez, l\rquote un de ses affili\'e9s) et vous. Ils s\rquote appliquent au logiciel vis\'e9 ci-dessus. Les termes s\rquote appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\rquote autres termes n\rquote accom

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1036\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3366
                          Entropy (8bit):5.0912204406356905
                          Encrypted:false
                          SSDEEP:
                          MD5:7B46AE8698459830A0F9116BC27DE7DF
                          SHA1:D9BB14D483B88996A591392AE03E245CAE19C6C3
                          SHA-256:704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
                          SHA-512:FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive | /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1040\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):11154
                          Entropy (8bit):4.973186760735321
                          Encrypted:false
                          SSDEEP:
                          MD5:1D07E27F97CE22A58780A04227BE6465
                          SHA1:2FCD519823F1664C59A959ACBEE37093EC94F62E
                          SHA-256:F1214784C57AA3323426AF64D132045970717994EBA500B25283684DC1ADEBAA
                          SHA-512:D66965269C9EA755266F9A76221528213648E2AA7AB2E6917BE356ECE279ACF69D0C1982FE3C4B8BD1BB79A094ABE98AE6578C6F6EC311D46CD2950390B23FCC
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1040\b\f0\fs20 CONDIZIONI DI LICENZA SOFTWARE MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 ADD-ON DI MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELL e C++ REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario, Le presenti condizioni si applicano al software di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, a meno che questo non sia accompagnato da condizioni differenti.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b QUALORA IL LICENZI

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1040\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3319
                          Entropy (8bit):5.019774955491369
                          Encrypted:false
                          SSDEEP:
                          MD5:D90BC60FA15299925986A52861B8E5D5
                          SHA1:FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
                          SHA-256:0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
                          SHA-512:11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive | /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1041\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):32348
                          Entropy (8bit):3.6789762165847035
                          Encrypted:false
                          SSDEEP:
                          MD5:0D9DD57746D5609494B35314FA88FD93
                          SHA1:8A7A57681813AE27F9579427B086685143073D13
                          SHA-256:AC0D8E0EAAB1875909A6A6F106A37CD7468F87F71887A44263F5F0178F99C40B
                          SHA-512:E365C8416C70581BB31629B8EC62C6581539A80C7A4C06D489C64978D84C55B37DAC72C09D1A89A2344E07F0F59BEB4F371D9C78F92D9903F431B3F0B94BBAF8
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset128 MS PGothic;}{\f1\fswiss\fprq2\fcharset0 Tahoma;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67\f1 \f0\'83\'5c\'83\'74\'83\'67\'83\'45\'83\'46\'83\'41\f1 \f0\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\f2\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f1 MICROSOFT VISUAL STUDIO 2015 \f0\'83\'41\'83\'68\'83\'49\'83\'93\'81\'41\f1 VISUAL STUDIO SHELL\f0\'81\'41\'82\'a8\'82\'e6\'82\'d1\f1 C++ \f0\'8d\'c4\'94\'d0\'95\'7a\'89\'c2\'94\'5c\'83\'70\'83\'62\'83\'50\'81\'5b\'83\'57\f2\par..\pard\nowidctlpar\sb120\sa120\b0\f0\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67\f1

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1041\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3959
                          Entropy (8bit):5.955167044943003
                          Encrypted:false
                          SSDEEP:
                          MD5:DC81ED54FD28FC6DB6F139C8DA1BDED6
                          SHA1:9C719C32844F78AAE523ADB8EE42A54D019C2B05
                          SHA-256:6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
                          SHA-512:FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ............ ......... .........................

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1042\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):29329
                          Entropy (8bit):3.8105626152255763
                          Encrypted:false
                          SSDEEP:
                          MD5:F6E7A2A05EFB4413295C156A179578A3
                          SHA1:91036034CA0BBD9A30BFC0BC2045791D57E94005
                          SHA-256:DCEFD9B37D78F37ED8AAEF70AC2BFCDE441DCFB97469A6AA6AF89C1FFADBF814
                          SHA-512:029AA788A5B6E0194D5A52005CF0327C375196E54F7EBBCE2758A3E6684D6DDF6765519564C272ABF5EBEBEAA5A1B4B3C3F0DC9B5377DF151DCA825FEC02DBDF
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fswiss\fprq2\fcharset129 Gulim;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT \f1\'bc\'d2\'c7\'c1\'c6\'ae\'bf\'fe\'be\'ee\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'bc\'ad\f2\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f0 MICROSOFT VISUAL STUDIO 2015 \f1\'c3\'df\'b0\'a1\f0 \f1\'b1\'e2\'b4\'c9\f0 , VISUAL STUDIO SHELL \f1\'b9\'d7\f0 C++ \f1\'c0\'e7\'b9\'e8\'c6\'f7\f0 \f1\'b0\'a1\'b4\'c9\f0 \f1\'c6\'d0\'c5\'b0\'c1\'f6\f0 \f2\par..\pard\nowidctlpar\sb120\sa120\b0\f1\'ba\'bb\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'c0\'ba\f0 Microsoft Corporation(\f1\'b6\'c7\'b4\'c2\f0 \f1\'b0\'c5\'c1\'d6\f0 \f1\'c1\'f6\'bf\'aa\'bf\'a1\

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1042\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3249
                          Entropy (8bit):5.985100495461761
                          Encrypted:false
                          SSDEEP:
                          MD5:B3399648C2F30930487F20B50378CEC1
                          SHA1:CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
                          SHA-256:AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
                          SHA-512:C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive | /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1045\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):13213
                          Entropy (8bit):5.403831385196401
                          Encrypted:false
                          SSDEEP:
                          MD5:A0D88589A339E57E412AB01E763D6A27
                          SHA1:E4B954832036D98943F2380DCCE636473A84F9D5
                          SHA-256:898D5CA01A3271D97350D06A6CCDB8803A176BB42BAF7E2C8F76C9037235CA8E
                          SHA-512:504E3939E96EC78E59ECDA356B463B2E54AEB94026B97669428730ACB202D73DB510FC9C6B5060AC48DD564E0DD9896E1B65AB7E1D30C58C9F2A954CB585D704
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 POSTANOWIENIA LICENCYJNE DOTYCZ\u260?CE OPROGRAMOWANIA MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 DODATKI DO MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELL oraz PAKIET REDYSTRYBUCYJNY C++ \par..\pard\nowidctlpar\sb120\sa120\b0 Niniejsze postanowienia licencyjne stanowi\u261? umow\u281? mi\u281?dzy Microsoft Corporation (lub, w zale\u380?no\u347?ci od miejsca zamieszkania Licencjobiorcy, jednym z podmiot\'f3w stowarzyszonych Microsoft Corporation) a Licencjobiorc\u261?. Postanowienia te dotycz\u261? oprogramowania okre\u347?lonego powy\u380?ej. Niniejsze postanowienia maj\u261? r\'f3wnie\u380? zastosowanie do wszelkich us\u322?ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\u26

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1045\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3212
                          Entropy (8bit):5.268378763359481
                          Encrypted:false
                          SSDEEP:
                          MD5:15172EAF5C2C2E2B008DE04A250A62A1
                          SHA1:ED60F870C473EE87DF39D1584880D964796E6888
                          SHA-256:440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
                          SHA-512:48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive | /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1046\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):10200
                          Entropy (8bit):5.026102753317644
                          Encrypted:false
                          SSDEEP:
                          MD5:137A9579BA2E02EBB87817440FCBDCB9
                          SHA1:FE033A175D4F0C766B95D67D5DA933C608323159
                          SHA-256:42DC678EF9D5E4E147BF178FFE2FA3CD4BBBF9C904872B4E344D8BB22C473ED5
                          SHA-512:601D98C7994EA569CF5D0C74D4357503773CCE1EC1D1701FC363FB66AA003C968900CD56A0702B3E8661DA157367755B40D473FA870800936B02980B021931C8
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1046\b\f0\fs20 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 COMPLEMENTOS DO MICROSOFT VISUAL STUDIO 2015, VISUAL STUDIO SHELLS e C++ REDISTRIBUTABLE \par..\pard\nowidctlpar\sb120\sa120\b0 Os presentes termos de licen\'e7a constituem um acordo entre a Microsoft Corporation (ou, dependendo do local no qual voc\'ea esteja domiciliado, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b SE VOC\'ca CONCORDAR COM ESTE

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1046\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3095
                          Entropy (8bit):5.150868216959352
                          Encrypted:false
                          SSDEEP:
                          MD5:BE27B98E086D2B8068B16DBF43E18D50
                          SHA1:6FAF34A36C8D9DE55650D0466563852552927603
                          SHA-256:F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
                          SHA-512:3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive | /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1049\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):54812
                          Entropy (8bit):3.5769726207436507
                          Encrypted:false
                          SSDEEP:
                          MD5:EFF73C35DB2D6AC9F29D1B633C984A95
                          SHA1:05E1A450FD077607612AA0506143140CCC8017B9
                          SHA-256:F00A2A67106CA3BADB4C233951A262EC0A9BBA3151E1D8DA0362DCADA7928DCD
                          SHA-512:1D89C50B2B2EA63DD464268DAB4272991D51E2D27A407440585BE855D86E06B5982F685D797E8F7917E75512F72CC1496FF5F21466B4A649ABA43458D8DBE8B8
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20\u1059?\u1057?\u1051?\u1054?\u1042?\u1048?\u1071? \u1051?\u1048?\u1062?\u1045?\u1053?\u1047?\u1048?\u1054?\u1053?\u1053?\u1054?\u1043?\u1054? \u1057?\u1054?\u1043?\u1051?\u1040?\u1064?\u1045?\u1053?\u1048?\u1071? \u1053?\u1040? \u1048?\u1057?\u1055?\u1054?\u1051?\u1068?\u1047?\u1054?\u1042?\u1040?\u1053?\u1048?\u1045? \u1055?\u1056?\u1054?\u1043?\u1056?\u1040?\u1052?\u1052?\u1053?\u1054?\u1043?\u1054? \u1054?\u1041?\u1045?\u1057?\u1055?\u1045?\u1063?\u1045?\u1053?\u1048?\u1071? MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\u1044?\u1054?\u1055?\u1054?\u1051?\u1053?\u1048?\u1058?\u1045?\u1051?\u1068?\u1053?\u1067?\u1045? \u1050?\u1054?\u1052?\u1055?\u1054?\u1053?\u1045?\u1053?\u1058?\u1067? MICROSOFT VI

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1049\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):4150
                          Entropy (8bit):5.444436038992627
                          Encrypted:false
                          SSDEEP:
                          MD5:17C652452E5EE930A7F1E5E312C17324
                          SHA1:59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
                          SHA-256:7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
                          SHA-512:53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive | /quiet - ........... ....

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1055\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):12669
                          Entropy (8bit):5.215620365946286
                          Encrypted:false
                          SSDEEP:
                          MD5:362F60F539B629BF59021003F426583C
                          SHA1:C9DBA340889AAFD07996A8BFCAB7C14F404E07A6
                          SHA-256:1E602773F3071636E0F9C6B27037B7B4094DC26F7C2FABCDF3287BC9BCAA8652
                          SHA-512:10F475BB075EBC597CFE1D2333F9B4B26109FEC974E4517E9F77BC30D609ED47619F4347124274F85E9277B14EF52D7863D311BDC4176E7AE7FCB009420B15C1
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT YAZILIM L\u304?SANSI KO\u350?ULLARI\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL STUDIO 2015 EKLENT\u304?LER\u304?, VISUAL STUDIO SHELLS ve C++ YEN\u304?DEN DA\u286?ITILAB\u304?L\u304?R \par..\pard\nowidctlpar\sb120\sa120\b0 Bu lisans ko\u351?ullar\u305?, Microsoft Corporation (veya ya\u351?ad\u305?\u287?\u305?n\u305?z yere g\'f6re bir ba\u287?l\u305? \u351?irketi) ile sizin aran\u305?zda yap\u305?lan s\'f6zle\u351?meyi olu\u351?turur. Bu ko\u351?ullar, yukar\u305?da ad\u305? ge\'e7en yaz\u305?l\u305?m i\'e7in ge\'e7erlidir. Ko\u351?ullar, yaz\u305?l\u305?m i\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\u351?tirmeleri i\'e7in, beraberlerinde farkl\u305? ko\u351?ullar bulunmad\

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1055\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3221
                          Entropy (8bit):5.280530692056262
                          Encrypted:false
                          SSDEEP:
                          MD5:DEFBEA001DC4EB66553630AC7CE47CCA
                          SHA1:90CED64EC7C861F03484B5D5616FDBCDA8F64788
                          SHA-256:E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
                          SHA-512:B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive | /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\2052\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):19329
                          Entropy (8bit):3.8703778033292844
                          Encrypted:false
                          SSDEEP:
                          MD5:31AFEC54446E496CE2A1D1CD3B257738
                          SHA1:E2B4F4CF493929AD01EDB33D9034F9129A15742E
                          SHA-256:63F463F0ACE41FA088ACFB70F501DB47E3B83600DB31538D8DABA010E6B83D42
                          SHA-512:8F2BC3343109CE6C0E3EF9E81CFFE96A70A56D5C5C28EE3ED2F933189818269C06A9DCF3B8783CC1AE0B379AA53A899CD6AAA59BE7A9E0F9E0D51E587A533829
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fprq2\fcharset134 SimSun;}{\f1\froman\fprq2\fcharset0 Times New Roman;}{\f2\fswiss\fprq2\fcharset0 Tahoma;}{\f3\froman\fprq2\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue0;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20\'ce\'a2\'c8\'ed\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f1\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f2 MICROSOFT VISUAL STUDIO 2015 ADD-ON\f0\'a1\'a2\f2 VISUAL STUDIO SHELLS \f0\'ba\'cd\f2 C++ REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0\f0\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\'ce\'a2\'c8\'ed\'b9\'ab\'cb\'be\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\'ce\'a2\'c8\'ed\'b9\'ab\'cb\'be\'b5\'c4\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\2052\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):2978
                          Entropy (8bit):6.135205733555905
                          Encrypted:false
                          SSDEEP:
                          MD5:3D1E15DEEACE801322E222969A574F17
                          SHA1:58074C83775E1A884FED6679ACF9AC78ABB8A169
                          SHA-256:2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
                          SHA-512:10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [..] - .......... ..................Install ........../passive | /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\3082\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):10616
                          Entropy (8bit):5.050611165428319
                          Encrypted:false
                          SSDEEP:
                          MD5:64F1444D27E3F3489F057E7280E9C973
                          SHA1:3DDC843D2021F62994C6ED35EBC8A193C4045994
                          SHA-256:55929413B6A530F8C4ACBB1E7EEE81FB9ED0BD64AF5CD26D6F5637CEDFAF0A2D
                          SHA-512:8D9AC8300C5A6815D2AFA02A54F23CB3A8B28192FA504C26F747FA3D4E70DEB55F8C19CA4ABF6E93856BCD1F1D9636A95E4E8F134D8D1E4ECC4081579F5B27CB
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue0;\red0\green0\blue255;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang3082\b\f0\fs20 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 COMPLEMENTOS DE MICROSOFT\~VISUAL\~STUDIO\~2015, SHELLS DE VISUAL\~STUDIO Y C++\~REDISTRIBUTABLE\par..\pard\nowidctlpar\sb120\sa120\b0 Los presentes t\'e9rminos de licencia constituyen un contrato entre Microsoft Corporation (o, en funci\'f3n de donde resida, una de sus filiales) y usted. Se aplican al software antes mencionado. Los t\'e9rminos tambi\'e9n se aplican a cualquier servicio o actualizaci\'f3n de Microsoft para el software, excepto en la medida que tengan t\'e9rminos diferentes.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b SI CUMPLE CON ESTOS T\'c9RMINOS DE LICENCIA, DISPONDR

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\3082\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):3265
                          Entropy (8bit):5.0491645049584655
                          Encrypted:false
                          SSDEEP:
                          MD5:47F9F8D342C9C22D0C9636BC7362FA8F
                          SHA1:3922D1589E284CE76AB39800E2B064F71123C1C5
                          SHA-256:9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
                          SHA-512:E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive | /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\BootstrapperApplicationData.xml

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (561), with CRLF line terminators
                          Category:dropped
                          Size (bytes):12352
                          Entropy (8bit):3.722986329159822
                          Encrypted:false
                          SSDEEP:
                          MD5:92606440AB8BA761A3E9B291F03D2181
                          SHA1:F1109649B5B2E692F69539F34BB21F12E50A7AD5
                          SHA-256:BF16D6BB90582A87EF4BCAE91948BFD04BC1AF5CA153F288917334AFFDEACA42
                          SHA-512:86FEF47891054873840DCEDBBCEA30C04B3DE559F3E5B9D49146EBF290AD4FBE26AB95E43696A0D2C8D8FB2815DAE20E4B27B9A382DDDB777E92FFDE3092C2FE
                          Malicious:false
                          Reputation:unknown
                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.U.x.B.l.o.c.k.e.r. .S.h.o.r.t.N.a.m.e.=.".M.i.n.i.m.u.m.O.S.L.e.v.e.l.". .T.y.p.e.=.".S.t.o.p.". .C.o.n.d.i.t.i.o.n.=.".N.O.T.(.(.V.e.r.s.i.o.n.N.T. .&.g.t.;. .v.6...1.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.6...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).).". .D.i.s.p.l.a.y.T.e.x.t.=.".#.l.o.c...M.i.n.i.m.u.m.O.S.L.e.v.e.l.". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T.6.4. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .c.a.n. .o.n.l.y. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .W.i.n.d.o.w.s. .X.P. .S.P.1. .(.

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\license.rtf

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                          Category:dropped
                          Size (bytes):8863
                          Entropy (8bit):5.133375715016848
                          Encrypted:false
                          SSDEEP:
                          MD5:EBA5FAA2129CAFEC630B82ADAE942AA9
                          SHA1:52BA1E75ACCBEF329F64EA75111666F643D8987C
                          SHA-256:4D7B2ABAAB1C0D46260E5D48AD4CE4BBC3EC02C660838A9A578F1BEAD68D6B35
                          SHA-512:2BC372D51FF28BE5A7D8A957E3D98093D5CD8F88EFA5DAD914D6D5313CABBFBD1E93FFF7BA46FF1ED90F9074F4D03CF8A244B9D22BCEF88C562FF577921CBA8B
                          Malicious:false
                          Reputation:unknown
                          Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;\red0\green32\blue96;\red0\green0\blue0;}..{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT SOFTWARE LICENSE TERMS\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL STUDIO 2015 ADD-ONs, VISUAL STUDIO SHELLS and C++ REDISTRIBUTABLE \par..\pard\nowidctlpar\sb120\sa120\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\pard\brdrt\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par..\pard\nowidctlpar\fi-357\li357\sb120\sa120\tx360 1.\tab INSTALLATION AND USE RIGHTS. \b

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                          Category:dropped
                          Size (bytes):1861
                          Entropy (8bit):6.868587546770907
                          Encrypted:false
                          SSDEEP:
                          MD5:D6BD210F227442B3362493D046CEA233
                          SHA1:FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
                          SHA-256:335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
                          SHA-512:464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
                          Malicious:false
                          Reputation:unknown
                          Preview:.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#|i${j$|n*~n*.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\thm.wxl

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):2952
                          Entropy (8bit):5.052095286906672
                          Encrypted:false
                          SSDEEP:
                          MD5:FBFCBC4DACC566A3C426F43CE10907B6
                          SHA1:63C45F9A771161740E100FAF710F30EED017D723
                          SHA-256:70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
                          SHA-512:063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLouserzation Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/louserzation">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive | /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\thm.xml

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):5881
                          Entropy (8bit):5.175177119212422
                          Encrypted:false
                          SSDEEP:
                          MD5:0056F10A42638EA8B4BEFC614741DDD6
                          SHA1:61D488CFBEA063E028A947CB1610EE372D873C9F
                          SHA-256:6B1BA0DEA830E556A58C883290FAA5D49C064E546CBFCD0451596A10CC693F87
                          SHA-512:5764EC92F65ACC4EBE4DE1E2B58B8817E81E0A6BC2F6E451317347E28D66E1E6A3773D7F18BE067BBB2CB52EF1FA267754AD2BF2529286CF53730A03409D398E
                          Malicious:false
                          Reputation:unknown
                          Preview:<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="64" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</T

                          C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll

                          Download File
                          Process:C:\Program Files\Ortelia Curator\vc_redist.x64.exe
                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):120832
                          Entropy (8bit):6.2760527819182705
                          Encrypted:false
                          SSDEEP:
                          MD5:4D20A950A3571D11236482754B4A8E76
                          SHA1:E68BD784AC143E206D52ECAF54A7E3B8D4D75C9C
                          SHA-256:A9295AD4E909F979E2B6CB2B2495C3D35C8517E689CD64A918C690E17B49078B
                          SHA-512:8B9243D1F9EDBCBD6BDAF6874DC69C806BB29E909BD733781FDE8AC80CA3FFF574D786CA903871D1E856E73FD58403BEBB58C9F23083EA7CD749BA3E890AF3D2
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................x=....x...... .....0.....n..x.....x8....x9....x>...Rich..........................PE..L....NjT...........!.....4...................P...............................0......h.....@.............................................l....................... ...0S.................................@............P...............................text....2.......4.................. ..`.rdata...d...P...f...8..............@..@.data..../..........................@....rsrc...l...........................@..@.reloc..J ......."..................@..B................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 00:14:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2673
                          Entropy (8bit):3.9905172264223254
                          Encrypted:false
                          SSDEEP:
                          MD5:B3A733207D04C32AFECA24428DDB2CA3
                          SHA1:1AAA0CF19A049254DF1BC92C9370A4FEFF3851BE
                          SHA-256:E5AB8D410E94258724FE7E0F5AAE4BD472723034E46A3FDCFEF5E261A3E55AFE
                          SHA-512:8253E539CD7DB463DC0BBF03BC7EFCB85D3E47B62019B133F7352BA030F6B322CD266A666032DD99F68F81F81FF2DBB029156EF3D39699786DED22AFB942F91E
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,....G.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 00:14:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2675
                          Entropy (8bit):4.008915639220289
                          Encrypted:false
                          SSDEEP:
                          MD5:5A7791E5B1486386DA8073593DB72052
                          SHA1:3A500CC51043D0EFA5AD9D57D3A5C676941381EF
                          SHA-256:BD110ABD952D6C8A011497DBDAB4B3B2966C437E4C1F55B3839792570E8382C4
                          SHA-512:0A13B6823585EB1ECAD714BDA9CBC2B730072C19245D181F7B58C5EA4E465E6BA953FA7EB05B20DE4BA2B8E113A8E21B754D50D836E07F572DD758355B7076A6
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,....5.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2689
                          Entropy (8bit):4.013554080324767
                          Encrypted:false
                          SSDEEP:
                          MD5:FCCA994B39556746870BFB9150DAC39A
                          SHA1:DC194836DB68B31C17CC939DFBF987E802D671C8
                          SHA-256:BF7329C43EDF86170A9057636C4619297129DAE35A93E5392D27585F91B4E50E
                          SHA-512:842F398A08D8DC6420AF1AE410851B36D36D2F054EAFFFE08EA65E03AFC070E1BC792D94711B8D78C6EDC39CBBFD0CC8A0830815C0D2F013F083A24F6B18CC66
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 00:14:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):4.005435582124247
                          Encrypted:false
                          SSDEEP:
                          MD5:671BA05F6656E35E6A56070A0BF323F7
                          SHA1:C605DFEC79A9676FAC2A3D06C82726E69D4170DD
                          SHA-256:683B505D918FBDEC13A8F2087C9339BAD15E039A393869B23224CD04504B0A00
                          SHA-512:4BFB2A90AADE8BB5A3BA846303731DEC1A7F0706A710DE35D5865CF87836C71C79455AB97A5CF660D6F351DB0F558C37B355E0F640946973FC4304BC47CD1421
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.....e....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 00:14:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.997541205794969
                          Encrypted:false
                          SSDEEP:
                          MD5:633B063C9254FEBAD7D28475E8BA0FEA
                          SHA1:5EDB36BA997CC318A9058D7BEAAC8B8264169A29
                          SHA-256:B668DEC6F0DB1CD13DEA31743F90A38D5901FB9144B40EC9AE6CCD7F2A4FC1E7
                          SHA-512:3E4C387D546BECAAF1D6B4171107D82F28D512F89CF893D68334CB248BE982DA4F0C4CCCC1AA2A0A4CC80B01C24BDF7F44714DED4118374100B02BEF7C5F952D
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 25 00:14:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):4.004356802011819
                          Encrypted:false
                          SSDEEP:
                          MD5:755310C14AF6275566A08F4B906352D4
                          SHA1:64F4DD8183C9BA5C3D0F7DF8F3D89F1AFCF359B9
                          SHA-256:268FC1ADE4252D876F87B615441D16BE07051FEA31C8B0145F7667DB6733E3E7
                          SHA-512:40B65F2224287BB768DB162D57573116BDA6B69618D2D8FB6F2B62CE4FB7C0F3E4734ECA3DA37A4BE20621B761CB32227C3DB458062C3032FB23530BC6C4EE6C
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,....-.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............<.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                          C:\Users\user\Documents\Ortelia\Curator\OrteliaDemo.exh (copy)

                          Download File
                          Process:C:\Program Files\Ortelia Curator\OrteliaCurator.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:E92944EF8F1276B6B99EA1381F017C76
                          SHA1:0A002D83A7314C625F99AC2BBB9F7910CBF32252
                          SHA-256:8261A85A22B2C16C5AF329EFEA9252DC893048BA90440D1DC4D597BDA9ADF1F7
                          SHA-512:9E9D52C584C7B7F1FE59F964DC9DD813A870BD114CD7DC9602162C8AABBB8DC4C110FDA112DBD447F60F6204EE0DE20861C07B4AD608DA6B6F7E59FE9BB89276
                          Malicious:false
                          Reputation:unknown
                          Preview:UnityFS.....5.x.x.2019.3.15f1...... .#...Q.......C............ ..A..............BuildPlayer-Default.sharedAssets-..Q.>...5.Pault.].......\.QwM..(..BH.......G......Q.t....6..~.hl<()C....[Y-.>)....Z.Q..Y..6...g........G<%....i...]..`.,...<L.'....4.Gz_I.....e..g........Ra...m..v4.:.<O@PL...S...6P.. .h...I...W^Y.....H.d.m.J.h_....`..F.._.........rS.-t..T..=..R.C...L..._. ..^..j_..n...^...+w:....!.B.....{......._..N...t#{.f7.... ........>..n....^ub.S+..Gg..p.+.D....E+C...ad...a...#.pJ4.......4f"0..Q....1....N..K.[&...~..h..h.. BB.....*.5.R.......tR...zM....`..".8.......F...M;g.L.8.Lq.)Vx(.O*...(..i."..!.4.......;j6s..v.eF,.>.hi..l.^....3..L.Q.+....f..uNU...j,I...z...|..H.W.#.r.:c..g[.....E..#<.......2;. ..do.-Ii...d..>+{.Q.4.z.xG.t.....u...C.8g.d.a../...*....t|.......w...m...d...$K.V.1"(.Y....8a.j-$V....-....s;......a.<+......A>....d.r..<...v...Q..#.&1..?...c".7.....:sV.aY..>..o^..7..;..G,.[..>..i..E(..(.....,pZ....p...2.`./n..^9(...FB~.

                          C:\Users\user\Downloads\16f10be9-37f6-414c-a0a4-a45f20055150.tmp

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Category:dropped
                          Size (bytes):32493
                          Entropy (8bit):6.384304498070056
                          Encrypted:false
                          SSDEEP:
                          MD5:84E2884131893BD3517C81EEA01B8818
                          SHA1:56B8D7845D0E97D35A7F2F4411A50B032B4461E5
                          SHA-256:36C76767249A331CD3BA815737E4F29338B9B27AE5E51277EFC3EF1A9E798EC1
                          SHA-512:EB0881957DAB29F4027D4023A02111BBE85163C467C15ED170065FEE050A1BF29C5087EF6610723E69AB1C3A5B0111E7F030B083011B31BDEFEBD77BF053454A
                          Malicious:false
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L...9.oZ.................d...|.......2............@.......................................@.................................4...........@K...........................................................................................................text....b.......d.................. ..`.rdata..T............h..............@..@.data....U...........|..............@....ndata...................................rsrc...@K.......L..................@..@................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\Downloads\CuratorSetup.exe (copy)

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:C9ADE8D7F83B0C6A7B2A2C1C17F48E7C
                          SHA1:12886CE21ABD1715310FC46F4922C0B18BFCF706
                          SHA-256:4191AD6B7C669B7566BC56BB517B9A080C2A1B7C6B04C3A9BC48A845C440A433
                          SHA-512:91E01D0300782AF848930F4E64BB6362957139A577E65023FA0B98DAF83D28222B33D2AB725948C2FC3D47023B9D68A29EF7EBF40D83E3C63A5A2CFE8E3A97A7
                          Malicious:false
                          Antivirus:
                          • Antivirus: Virustotal, Detection: 0%, Browse
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L...9.oZ.................d...|.......2............@.......................................@.................................4...........@K...........................................................................................................text....b.......d.................. ..`.rdata..T............h..............@..@.data....U...........|..............@....ndata...................................rsrc...@K.......L..................@..@................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\Downloads\Unconfirmed 530961.crdownload

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                          Category:dropped
                          Size (bytes):135753261
                          Entropy (8bit):7.998026454463182
                          Encrypted:true
                          SSDEEP:
                          MD5:C9ADE8D7F83B0C6A7B2A2C1C17F48E7C
                          SHA1:12886CE21ABD1715310FC46F4922C0B18BFCF706
                          SHA-256:4191AD6B7C669B7566BC56BB517B9A080C2A1B7C6B04C3A9BC48A845C440A433
                          SHA-512:91E01D0300782AF848930F4E64BB6362957139A577E65023FA0B98DAF83D28222B33D2AB725948C2FC3D47023B9D68A29EF7EBF40D83E3C63A5A2CFE8E3A97A7
                          Malicious:true
                          Yara Hits:
                          • Rule: JoeSecurity_Havoc_1, Description: Yara detected Havoc, Source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, Author: Joe Security
                          • Rule: JoeSecurity_Havoc_1, Description: Yara detected Havoc, Source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, Author: Joe Security
                          • Rule: JoeSecurity_Havoc_1, Description: Yara detected Havoc, Source: C:\Users\user\Downloads\Unconfirmed 530961.crdownload, Author: Joe Security
                          Reputation:unknown
                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L...9.oZ.................d...|.......2............@.......................................@.................................4...........@K...........................................................................................................text....b.......d.................. ..`.rdata..T............h..............@..@.data....U...........|..............@....ndata...................................rsrc...@K.......L..................@..@................................................................................................................................................................................................................................................................................................................................................

                          Chrome Cache Entry: 391

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (47529)
                          Category:downloaded
                          Size (bytes):47564
                          Entropy (8bit):6.039312983249798
                          Encrypted:false
                          SSDEEP:
                          MD5:D54A4192CC3E4D54677C8091C1DAE73B
                          SHA1:7E3E8E30C66C5751BB5477B4E9939969F4E2AA5E
                          SHA-256:DE7BDCB93F2804E963F238713752A30A22A3A3AFEF6070FB78D206E6199CD353
                          SHA-512:8CE610BD66B993A22DBE49C3D724480B7BE02639B0FC789F263CCBDC7D1152ECC68CDCEACFADA229EDCA9FF95E91B58E48E2918B0FE3447F2961124861F7F59A
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/css/dashicons.min.css?ver=5.3.17
                          Preview:/*! This file is auto-generated */.@font-face{font-family:dashicons;src:url("../fonts/dashicons.eot?50db0456fde2a241f005968eede3f987");src:url("../fonts/dashicons.eot?50db0456fde2a241f005968eede3f987#iefix") format("embedded-opentype"),url("data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAGOkAAsAAAAArpgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAAQAAAAFZAuk8lY21hcAAAAXwAAAfLAAARhDPzNqdnbHlmAAAJSAAATqYAAIQUYJTKLWhlYWQAAFfwAAAALwAAADYSoxtRaGhlYQAAWCAAAAAfAAAAJAQxAwhobXR4AABYQAAAACMAAAQ4GgT/9mxvY2EAAFhkAAACHgAAAh6YX3d0bWF4cAAAWoQAAAAfAAAAIAIpAKBuYW1lAABapAAAATAAAAIiwytf8nBvc3QAAFvUAAAHzgAADrBt7+iZeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2Bk/Mc4gYGVgYOBhzGNgYHBHUp/ZZBkaGFgYGJgZWbACgLSXFMYHD4yfHVnAnH1mBgZGIE0CDMAAI/zCGl4nNXY939eZR3G8c9J0rQpraS7QQrpbrBAutOKkDaUtKgIFCh1lg5onW2hQHF1Aw5klOUWcW/FhQsVceIeuHGhuO+FKGq97lz8C/xg0nfPK8+rOc9z7nPu7/f6FhgGtMpcadOfu2ioL92pV5uh11sZOfR6W+s1+vl8+vU7k0NHGB3Gha5wXFgcloWBsDKsCuvCBWFr2BUOx

                          Chrome Cache Entry: 393

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1443), with no line terminators
                          Category:downloaded
                          Size (bytes):1443
                          Entropy (8bit):5.158522959351445
                          Encrypted:false
                          SSDEEP:
                          MD5:43928880FF5EBADCD513755B011732CD
                          SHA1:D0FDB17DB490123ED700C2CAA5D2D764794CB6D5
                          SHA-256:37C5F58F12814DD0ECC28F15B7765C6BCD31A9479D330B4EF896E140BF89DC38
                          SHA-512:BA9EC90A842C0AAD802294C3FE144C0ED737E51586ED19DC15DCF518DD0C9790E6BA5A1A8BC9E8A09D48CAC3941DF65C4D1D77B3B79D76A6CFAC9B306C2DA710
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/wp-embed.min.js?ver=5.3.17
                          Preview:!function(d,l){"use strict";var e=!1,n=!1;if(l.querySelector)if(d.addEventListener)e=!0;if(d.wp=d.wp||{},!d.wp.receiveEmbedMessage)if(d.wp.receiveEmbedMessage=function(e){var t=e.data;if(t)if(t.secret||t.message||t.value)if(!/[^a-zA-Z0-9]/.test(t.secret)){for(var r,i,a,s=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=new RegExp("^https?:$","i"),c=0;c<n.length;c++)n[c].style.display="none";for(c=0;c<s.length;c++)if(r=s[c],e.source===r.contentWindow){if(r.removeAttribute("style"),"height"===t.message){if(1e3<(a=parseInt(t.value,10)))a=1e3;else if(~~a<200)a=200;r.height=a}if("link"===t.message)if(i=l.createElement("a"),a=l.createElement("a"),i.href=r.getAttribute("src"),a.href=t.value,o.test(a.protocol))if(a.host===i.host)if(l.activeElement===r)d.top.location.href=t.value}}},e)d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",t,!1),d.addEventListener("load",t,!1);functi

                          Chrome Cache Entry: 394

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2017:03:25 13:32:48], baseline, precision 8, 200x202, components 3
                          Category:downloaded
                          Size (bytes):19223
                          Entropy (8bit):6.917235229327498
                          Encrypted:false
                          SSDEEP:
                          MD5:9DE0893E905B4195297110D72CA2C3A5
                          SHA1:DAA9ACC6CD3B5A0CFFA4552C433AD05C8AF644B2
                          SHA-256:9752D7063D26A49B2E7C1BDA2C440432E2A6A59018F08BE84A6373602A0C6479
                          SHA-512:D2DF1BC3515904E1FE212AD226AF614E29F140AF054BBE0778C295DDEA0A60E5D5F9772F08713154971760162DBB4666974C7E9E684FB917E63D619D4646D786
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/uploads/2017/03/windows.jpg
                          Preview:.....ZExif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2017:03:25 13:32:48.................................................................................&.(.................................$.......H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.$..L..W[wX.....?...%......,..G...E.s....=/.?E..o.....U.1.n....o.rJuRIy.T....R..\\:.1..9..znu[....n...IO.$.....Zl$.".A.]M1..n..:....Xr'..y0{2.X

                          Chrome Cache Entry: 395

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with very long lines (8580), with no line terminators
                          Category:downloaded
                          Size (bytes):8582
                          Entropy (8bit):5.150518903225572
                          Encrypted:false
                          SSDEEP:
                          MD5:60ABE1ED1D645EE661071EC80959EBEB
                          SHA1:858C297A0DB82A03681016E393AAE1261B00C954
                          SHA-256:876FC6090BEF12C0F2017200E5F3BEBB6B9048A57DCDDD77260B9F78AB257471
                          SHA-512:8C548D2B6AB7A388DDDA422A026CFC43D013D623A1C7C843257FDED360D536B9CDDB15D33ECF10CE550D89626FBBA7133ABCA255CB2ABCBC137A2B63A85DA0A6
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/dom.min.js?ver=2.5.3
                          Preview:this.wp=this.wp||{},this.wp.dom=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="2sUP")}({"25BE":function(e,t,n){"use strict";function

                          Chrome Cache Entry: 396

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (629)
                          Category:downloaded
                          Size (bytes):114123
                          Entropy (8bit):5.3751905132312325
                          Encrypted:false
                          SSDEEP:
                          MD5:8E891F5946C8E1780E362268CB45EC8B
                          SHA1:CE7987D21787CE1FDFA7752204FB1EA00BBD0F74
                          SHA-256:5903B1BEE475A683A2D2AC0869FBBDB16609E2B8DEDE8027D2FEE274122D9003
                          SHA-512:68AA090E54C32E3186D8DDF8144D32A773D92EAE458B69B9C5D219158E9052524A568F56EEEE67FC7600BBD2D09E9BE575C8C215DA2473C24191E6279E76F7E0
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0
                          Preview:/** @license React v16.9.0. * react-dom.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */./*. Modernizr 3.0.0pre (Custom Build) | MIT.*/.'use strict';(function(ka,m){"object"===typeof exports&&"undefined"!==typeof module?module.exports=m(require("react")):"function"===typeof define&&define.amd?define(["react"],m):ka.ReactDOM=m(ka.React)})(this,function(ka){function m(a){for(var b=a.message,c="https://reactjs.org/docs/error-decoder.html?invariant="+b,d=1;d<arguments.length;d++)c+="&args[]="+encodeURIComponent(arguments[d]);a.message="Minified React error #"+b+"; visit "+c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings. ";.return a}function Ze(){if(jc)for(var a in Xa){var b=Xa[a],c=jc.indexOf(a);if(!(-1<c))throw m(Error(96),a);if(!kc[c]){if(!b.extractEvents)throw m(Error(

                          Chrome Cache Entry: 398

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (65536), with no line terminators
                          Category:downloaded
                          Size (bytes):101423
                          Entropy (8bit):4.99353779530965
                          Encrypted:false
                          SSDEEP:
                          MD5:0F505E9E91D717F983FE798CFC606A03
                          SHA1:B5E265510E2C7339B6503FA861FC3D154AB8395E
                          SHA-256:EF304CC68F4CC31AA1B7FB40434E108BD3FCE7A93FF2FBA75C15E63B2EFC8B15
                          SHA-512:DFC004BA358D1D2ED747BBA4BFAE66B59F88B6EC1C461781069FE0BF81CF751A4BCA13C53EC04FA5B0F21B44B8B287760A47C13E1AD14DF57E09E4AE755896C4
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/components/style.min.css?ver=5.3.17
                          Preview:.components-animate__appear{animation:components-animate__appear-animation .1s cubic-bezier(0,0,.2,1) 0s;animation-fill-mode:forwards}@media (prefers-reduced-motion:reduce){.components-animate__appear{animation-duration:1ms}}.components-animate__appear.is-from-top,.components-animate__appear.is-from-top.is-from-left{transform-origin:top left}.components-animate__appear.is-from-top.is-from-right{transform-origin:top right}.components-animate__appear.is-from-bottom,.components-animate__appear.is-from-bottom.is-from-left{transform-origin:bottom left}.components-animate__appear.is-from-bottom.is-from-right{transform-origin:bottom right}@keyframes components-animate__appear-animation{0%{transform:translateY(-2em) scaleY(0) scaleX(0)}to{transform:translateY(0) scaleY(1) scaleX(1)}}.components-animate__slide-in{animation:components-animate__slide-in-animation .1s cubic-bezier(0,0,.2,1);animation-fill-mode:forwards}@media (prefers-reduced-motion:reduce){.components-animate__slide-in{animation-

                          Chrome Cache Entry: 399

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text
                          Category:downloaded
                          Size (bytes):14647
                          Entropy (8bit):4.510088595604485
                          Encrypted:false
                          SSDEEP:
                          MD5:22D732902F0AAFB3E52FB5EFCEE37466
                          SHA1:E9AD6B3EA7E7195373BC28BB8458FF1F2C6D3556
                          SHA-256:9946B8BF9D53B5CA6537781974239C99EB59CED7F04DEED289F0D2D83B00D989
                          SHA-512:D934FC90122225C717BEDCFE22E5919A153BC36514D1FF4EC1D68CDB6532B8CEBA155BB7037749C0F306F64E7DCF5FF7F8791C09084383EBD5C87F698160DC0E
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/plugins/divi_extended_column_layouts/style.css?ver=5.3.17
                          Preview:@media (min-width: 981px) {. . .et_pb_column_5_6 .et_pb_row_inner, .et_pb_column_4_5 .et_pb_row_inner {. padding: 3.735% 0;. }. . /*gutters 1*/. .et_pb_gutters1 .et_pb_column_1_6, .et_pb_gutters1 .et_pb_row .et_pb_column_1_6, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_6 {. width: 16.665%;. }. . .et_pb_gutters1 .et_pb_column_1_7, .et_pb_gutters1 .et_pb_row .et_pb_column_1_7, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_7 {. width: 14.2833%;. }. . .et_pb_gutters1 .et_pb_column_1_8, .et_pb_gutters1 .et_pb_row .et_pb_column_1_8, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_8 {. width: 12.50%;. }. . .et_pb_gutters1 .et_pb_column_1_5, .et_pb_gutters1 .et_pb_row .et_pb_column_1_5, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_5 {. width: 20%;. }. . .et_pb_gutters1 .et_pb_column_5_6, .et_pb_gutters1 .et_pb_row .et_pb_column_5_6, body .et_pb_gutters1.et_pb_row > .et_pb_column_5_6 {.

                          Chrome Cache Entry: 400

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (11488), with no line terminators
                          Category:downloaded
                          Size (bytes):11488
                          Entropy (8bit):5.049591838457919
                          Encrypted:false
                          SSDEEP:
                          MD5:4945C3034C2A44A1472057FA6A20B863
                          SHA1:DE659EAB815A43A78A363F724B1742C6E678A6DB
                          SHA-256:D4AE6D0863B706358413C2055DC950FA0E3FAF2E878D1111B2828F25316B4839
                          SHA-512:D5CC4494B92CD406AB86FD2726BA9C01CD7A3081F710E997EA093C05C0833DF6F99507787882DF47650C4A608C1D110A348ADDA3BE5ECE4A7098AD1042904C0B
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/compose.min.js?ver=3.7.2
                          Preview:this.wp=this.wp||{},this.wp.compose=function(t){var e={};function n(r){if(e[r])return e[r].exports;var o=e[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)n.d(r,o,function(e){return t[e]}.bind(null,o));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s="PD33")}({"1OyB":function(t,e,n){"use strict";funct

                          Chrome Cache Entry: 401

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:exported SGML document, ASCII text, with very long lines (3737), with no line terminators
                          Category:downloaded
                          Size (bytes):3737
                          Entropy (8bit):5.251811061858386
                          Encrypted:false
                          SSDEEP:
                          MD5:FED6763609ECE155FA401D3322F47905
                          SHA1:DA2836BDBC49BB20982EC52A5272AE2D9E9C95AB
                          SHA-256:097BE6B4D127BA32B01E2EB8DEC5721E0BE2A64F948F28B9347E8A04107BAE7F
                          SHA-512:3D54E21A67C896A146E82E601DAC98A741F36EECC408F3744BE840ABD326828FA3FA79CD0A5F73ABC3A1EB54C7B6D3C99396285D48DB60545855888A611A4FFF
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/block-serialization-default-parser.min.js?ver=3.4.1
                          Preview:this.wp=this.wp||{},this.wp.blockSerializationDefaultParser=function(t){var n={};function r(e){if(n[e])return n[e].exports;var u=n[e]={i:e,l:!1,exports:{}};return t[e].call(u.exports,u,u.exports,r),u.l=!0,u.exports}return r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)||Object.defineProperty(t,n,{enumerable:!0,get:e})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,n){if(1&n&&(t=r(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var e=Object.create(null);if(r.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var u in t)r.d(e,u,function(n){return t[n]}.bind(null,u));return e},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},r.p="",r(r.s="SiJt")}({DSFK:function(t,n

                          Chrome Cache Entry: 402

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (64929)
                          Category:downloaded
                          Size (bytes):755424
                          Entropy (8bit):4.891030988503317
                          Encrypted:false
                          SSDEEP:
                          MD5:872DA82F373E36FE1647F8CE76B7AE50
                          SHA1:60FF3B4EC5F413BDFFB83560D5E16F1A4E8F559A
                          SHA-256:DCB72D840308F3DE72843CA44E967C14064731DD8F5AE284B2F0A4900E57541E
                          SHA-512:277603804DE68CC3A1BF590F650E9257D4AEDA46883DABD28B13EF6B356073D2C56307FDACA9789F7E7D95B8EADD1EBACF6136AB62201991C7F84920B1A3E372
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi/style.css
                          Preview:/*!.Theme Name: Divi.Theme URI: http://www.elegantthemes.com/gallery/divi/.Version: 4.0.6.Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection..Author: Elegant Themes.Author URI: http://www.elegantthemes.com.Tags: responsive-layout, one-column, two-columns, three-columns, four-columns, left-sidebar, right-sidebar, custom-background, custom-colors, featured-images, full-width-template, post-formats, rtl-language-support, theme-options, threaded-comments, translation-ready.License: GNU General Public License v2.License URI: http://www.gnu.org/licenses/gpl-2.0.html.*/a,abbr,acronym,address,applet,b,big,blockquote,body,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,font,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,strong,sub,sup,tt,u,ul,var{margin:0;padding:0;border:0;outline:0;background:0 0;font-size:100%;vertical-align:baseline;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}b

                          Chrome Cache Entry: 404

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2017:03:25 13:36:49], baseline, precision 8, 200x202, components 3
                          Category:dropped
                          Size (bytes):20740
                          Entropy (8bit):7.139427995053925
                          Encrypted:false
                          SSDEEP:
                          MD5:95149C47C52FBA63F1CB4221B653363F
                          SHA1:D2DEA0B73CECAA6916B17EE3574F4BAB95A47159
                          SHA-256:CB165EA4BFC5CB3AFD4A12C027FB19332696D9D6EDB21377EE43D99BE8589F67
                          SHA-512:A3D6EB86202E89BB724098ABE11C056FA074719C06B2B353E79D6968686329C6654D8DB2120CC5AF3106A8FA4A30B38CF3F7CCC4076B767DDA63572942D77EE8
                          Malicious:false
                          Reputation:unknown
                          Preview:......Exif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2017:03:25 13:36:49.................................................................................&.(.........................................H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.IJI$.R.I$...I%)b.a...:..r........D..,.m4....g...V...n..W@.k*.....?E.},....s.>..~..-..M..}.96:........5...o..g..IN.T.....9.d...........9.......}

                          Chrome Cache Entry: 405

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:data
                          Category:downloaded
                          Size (bytes):9053
                          Entropy (8bit):5.277604967942265
                          Encrypted:false
                          SSDEEP:
                          MD5:BF3A614478F4AD8A34106447D68836DE
                          SHA1:A6DB0BD49501475EDAA450443F76C5436B3B379F
                          SHA-256:2A33FAA70B6540F8B78F7C29E38B24AB39080C566FEF615F320BBD78FCC5E9D6
                          SHA-512:A798CE8D96D1CF0970D894B7BBF13E1D67805D569FA553EDDFA6162968DE024E525C22D22DF844B8F21F859E80864DC74F4B623F4AB32DEA1D0286F53D8ECEB0
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/i18n.min.js?ver=3.6.1
                          Preview:this.wp=this.wp||{},this.wp.i18n=function(n){var t={};function e(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:!1,exports:{}};return n[r].call(i.exports,i,i.exports,e),i.l=!0,i.exports}return e.m=n,e.c=t,e.d=function(n,t,r){e.o(n,t)||Object.defineProperty(n,t,{enumerable:!0,get:r})},e.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})},e.t=function(n,t){if(1&t&&(n=e(n)),8&t)return n;if(4&t&&"object"==typeof n&&n&&n.__esModule)return n;var r=Object.create(null);if(e.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:n}),2&t&&"string"!=typeof n)for(var i in n)e.d(r,i,function(t){return n[t]}.bind(null,i));return r},e.n=function(n){var t=n&&n.__esModule?function(){return n.default}:function(){return n};return e.d(t,"a",t),t},e.o=function(n,t){return Object.prototype.hasOwnProperty.call(n,t)},e.p="",e(e.s="Vhyj")}({"4Z/T":function(n,t,e){var r;!function(){"us

                          Chrome Cache Entry: 406

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with CRLF line terminators
                          Category:downloaded
                          Size (bytes):96773
                          Entropy (8bit):5.3643413655661
                          Encrypted:false
                          SSDEEP:
                          MD5:F7C00A3DFF8E4D8DD0990653A6F3DBD0
                          SHA1:8B21CBC23119891FBE1D244578D6E3B079EEB6C6
                          SHA-256:775F8D4C3472E0472292D38B6392FAC73DEC3319D8E1EADF88398DA1C12F1614
                          SHA-512:8D75C543E3767E27B179597BEAA63EA36946C8635AD3908AC232FDC47A4C1382C81BE368CD70ADE00AE4BE72912D45A875DAEEF96D673B3AA89958BAE942977A
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/plugins/fastspring/public/js/fastspring-public.js?ver=1.0.0
                          Preview:..document.addEventListener('click', function (event)...{....if (event.target.matches('.fsb-close'))....{.....event.preventDefault();.....fastspring_closeitall();.....return....}....if(event.target.hasAttribute('data-fsc-addthis'))....{.....var product = event.target.getAttribute("data-fsc-addthis");.....var cart = event.target.getAttribute("data-fsc-cart");.....fastspring_addProd(product, cart);.....return....}....if(event.target.hasAttribute('data-fsc-opencart'))....{.....event.preventDefault();.....fastspring_openCart(event.target.getAttribute("data-fsc-opencart"));.....return....}....if(event.target.hasAttribute('data-fsc-toggle')) {.....event.preventDefault();.....var modal = event.target.getAttribute("data-fsc-target");.....var element = document.querySelector(modal);.....element.classList.add('show');.......element.style.display = 'block';........}....if(event.target.hasAttribute('role')) {.....event.preventDefault();.....var modal = event.target.getAttribute("role");.....event.

                          Chrome Cache Entry: 407

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (9959)
                          Category:downloaded
                          Size (bytes):10056
                          Entropy (8bit):5.308628526814024
                          Encrypted:false
                          SSDEEP:
                          MD5:7121994EEC5320FBE6586463BF9651C2
                          SHA1:90532AFF6D4121954254CDF04994D834F7EC169B
                          SHA-256:48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D
                          SHA-512:B74A2F03C64E883B9A34DE43690429327DFB4AA230A7A6AFCA8150A16E3D84E98461245FF264C26368D9904562CC34FE219F71F951D364FA5C68C039B76776CD
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
                          Preview:/*! jQuery Migrate v1.4.1 | (c) jQuery Foundation and other contributors | jquery.org/license */."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(a,b,c){function d(c){var d=b.console;f[c]||(f[c]=!0,a.migrateWarnings.push(c),d&&d.warn&&!a.migrateMute&&(d.warn("JQMIGRATE: "+c),a.migrateTrace&&d.trace&&d.trace()))}function e(b,c,e,f){if(Object.defineProperty)try{return void Object.defineProperty(b,c,{configurable:!0,enumerable:!0,get:function(){return d(f),e},set:function(a){d(f),e=a}})}catch(g){}a._definePropertyBroken=!0,b[c]=e}a.migrateVersion="1.4.1";var f={};a.migrateWarnings=[],b.console&&b.console.log&&b.console.log("JQMIGRATE: Migrate is installed"+(a.migrateMute?"":" with logging active")+", version "+a.migrateVersion),a.migrateTrace===c&&(a.migrateTrace=!0),a.migrateReset=function(){f={},a.migrateWarnings.length=0},"BackCompat"===document.compatMode&&d("jQuery is not compatible with Quirks Mode");var g=a("<input/>",{size:1}).attr("size")&&a.attrFn,h=a.att

                          Chrome Cache Entry: 408

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (65536), with no line terminators
                          Category:downloaded
                          Size (bytes):81849
                          Entropy (8bit):5.12965101298285
                          Encrypted:false
                          SSDEEP:
                          MD5:462196A522559A5F078CE914D6E89667
                          SHA1:C1883E449B0BB88D7A46357ABCF78E7D3CE9FB16
                          SHA-256:D6AD3F1442E1FFD53E0FA20A94B361CF7A749491DE072ECAD093059CC890F352
                          SHA-512:8B9F5DFB446881D17AE0908DDF28E52D18D2AC1BD6595275A843DFE9F370628BD174DE51F8CE484128B15E45D09C8E28C25E3245E0DBAD5970186ED6F2BFFD6C
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/plugins/fastspring/dist/blocks.style.build.css?ver=5.3.17
                          Preview:.fastspring *,.fastspring *::before,.fastspring *::after{-webkit-box-sizing:border-box;box-sizing:border-box}.fastspring[tabindex="-1"]:focus:not(:focus-visible){outline:0 !important}.fastspring hr{margin:1rem 0;color:inherit;background-color:currentColor;border:0;opacity:0.25}.fastspring hr:not([size]){height:1px}.fastspring p,.fastspring a{margin:0px}.fastspring .originalPrice{color:#c0c0c0}.fastspring .container{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width: 576px){.fastspring .container{max-width:540px}}@media (min-width: 768px){.fastspring .container{max-width:720px}}@media (min-width: 992px){.fastspring .container{max-width:960px}}@media (min-width: 1200px){.fastspring .container{max-width:1140px}}.fastspring .container-fluid,.fastspring .container-sm,.fastspring .container-md,.fastspring .container-lg,.fastspring .container-xl{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-widt

                          Chrome Cache Entry: 409

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (4143)
                          Category:downloaded
                          Size (bytes):73015
                          Entropy (8bit):5.342744191670081
                          Encrypted:false
                          SSDEEP:
                          MD5:9BECC40FB1D85D21D0CA38E2F7069511
                          SHA1:AE854B04025DB8B7F48FDD6DEDF41E77EAE44394
                          SHA-256:A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
                          SHA-512:585374E3CE3AB1D28C20FE4B28DA6131A5B353B629332094DB8E5EB4ADE0FF601161B3CAF546F5F1E1BE96353DEAA29109687EAAE098EF279F4A6964430D4035
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.21
                          Preview:/**. * @license. * Lodash <https://lodash.com/>. * Copyright OpenJS Foundation and other contributors <https://openjsf.org/>. * Released under MIT license <https://lodash.com/license>. * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE>. * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors. */.(function(){function n(n,t,r){switch(r.length){case 0:return n.call(t);case 1:return n.call(t,r[0]);case 2:return n.call(t,r[0],r[1]);case 3:return n.call(t,r[0],r[1],r[2])}return n.apply(t,r)}function t(n,t,r,e){for(var u=-1,i=null==n?0:n.length;++u<i;){var o=n[u];t(e,o,r(o),n)}return e}function r(n,t){for(var r=-1,e=null==n?0:n.length;++r<e&&t(n[r],r,n)!==!1;);return n}function e(n,t){for(var r=null==n?0:n.length;r--&&t(n[r],r,n)!==!1;);return n}function u(n,t){for(var r=-1,e=null==n?0:n.length;++r<e;)if(!t(n[r],r,n))return!1;.return!0}function i(n,t){for(var r=-1,e=null==n?0:n.length,u=0,i=[];++r<e;){var o=n[r];t(o,r,n)&&(i[u++]=o)}return i}function o(n

                          Chrome Cache Entry: 410

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (58392), with CRLF line terminators
                          Category:downloaded
                          Size (bytes):58582
                          Entropy (8bit):4.719371383033278
                          Encrypted:false
                          SSDEEP:
                          MD5:26386564B5CF1594BE24059AF1CD0DB9
                          SHA1:82E34D28F8A1169B20B60101D5BB0446DEBA3514
                          SHA-256:B726A2CCED0A9E28DC93BE27AE974937E87D68DF8B09BAF2A4FCA2BA5C5A0404
                          SHA-512:53A0BDEB132D835E6C5F96251F6877FAF7520A5FDE8A27F2565F788405F7E086071786AE948E3A49F51F44907032A1DCB51E8B3A2A907F4AD5A939728410D19F
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/plugins/fastspring/public/css/awesome.css?ver=5.3.17
                          Preview:/*!.. * Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com.. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License).. */...fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.f

                          Chrome Cache Entry: 411

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1498), with no line terminators
                          Category:downloaded
                          Size (bytes):1498
                          Entropy (8bit):5.076058340438565
                          Encrypted:false
                          SSDEEP:
                          MD5:3EBDDC3C6334AB99A066A0BE18865679
                          SHA1:4B9315669BC89804EEF9FF3541BA3D2FD71E32F6
                          SHA-256:88D8F9613856B8389F68CE5D8D46952E58830B5C7A0F99D7E8C5632812B59A4D
                          SHA-512:1F779BC6A8B759C24CB2A14625BDD5E6B22E5AAA05670352D05FB66402233C1330C9213E560D173477E594E6421F2712B3B123BE614D7D929810D69AA7A75DE4
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/priority-queue.min.js?ver=1.3.1
                          Preview:this.wp=this.wp||{},this.wp.priorityQueue=function(e){var t={};function n(r){if(t[r])return t[r].exports;var u=t[r]={i:r,l:!1,exports:{}};return e[r].call(u.exports,u,u.exports,n),u.l=!0,u.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var u in e)n.d(r,u,function(t){return e[t]}.bind(null,u));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="XPKI")}({XPKI:function(e,t,n){"use strict";n

                          Chrome Cache Entry: 412

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1647), with no line terminators
                          Category:downloaded
                          Size (bytes):1647
                          Entropy (8bit):5.118675604619405
                          Encrypted:false
                          SSDEEP:
                          MD5:BBAFBB82C9E12E2E59FD97EF7BA7206D
                          SHA1:6C81751613841AA4698908806F7A9151345CA6A0
                          SHA-256:159C23A7B0AF92B2446284822DD87D89E6E6885A3E3E2248B934A73BCF75C821
                          SHA-512:C43EB95877E2D012303984C0A3AD415053AEE52A950C289BD04DD04722698E7867D92315F47C868329808EFD865BFBC03746B770ADEF1071684B1F85CEB7AA9E
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/escape-html.min.js?ver=1.5.1
                          Preview:this.wp=this.wp||{},this.wp.escapeHtml=function(e){var t={};function n(r){if(t[r])return t[r].exports;var u=t[r]={i:r,l:!1,exports:{}};return e[r].call(u.exports,u,u.exports,n),u.l=!0,u.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var u in e)n.d(r,u,function(t){return e[t]}.bind(null,u));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="IsfW")}({IsfW:function(e,t,n){"use strict";n.r(

                          Chrome Cache Entry: 413

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (4080), with no line terminators
                          Category:downloaded
                          Size (bytes):4080
                          Entropy (8bit):5.254366860080468
                          Encrypted:false
                          SSDEEP:
                          MD5:055C0B961014DB50ADECC8A397B876BE
                          SHA1:34A4CE3869F3BAF35033D0D3A4D45A8AD9293CD5
                          SHA-256:5DD3A24B533F3C7D187849D33426539C43B28C3D192BA9A741089CFAF05502C9
                          SHA-512:61A4AAD0387E5EF6246E1C6902E456326498E5C3FF92EB962E49E0F3EF88DC57D29EDFB05A8157667A028FEA5375C58E3E5EE3106C126114B10A2D676570F8E8
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/shortcode.min.js?ver=2.4.1
                          Preview:this.wp=this.wp||{},this.wp.shortcode=function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s="/2FX")}({"/2FX":function(t,e,n){"use strict";n.r

                          Chrome Cache Entry: 414

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1379), with no line terminators
                          Category:downloaded
                          Size (bytes):1379
                          Entropy (8bit):5.0122833324880505
                          Encrypted:false
                          SSDEEP:
                          MD5:9C2774F788BAD759B8E44747D4BE22F7
                          SHA1:5F6FDBD7CC91EE4716E4E75E441CEE64359A36AD
                          SHA-256:8DB7ACEA0AAFA5E779A6984FC1D0349406596380BFDA0DB05655F97B9961A552
                          SHA-512:3376DC90D2CCF09EC70DAD5946FFD8167CBD5D2748A78B492C33E6ECB09BC17A3016E50005D705303AA8C08D31AF9E81E4E0E8E02BA62FCB3CCE79DC4B8ED50A
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/html-entities.min.js?ver=2.5.0
                          Preview:this.wp=this.wp||{},this.wp.htmlEntities=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="1FHn")}({"1FHn":function(e,t,n){"use strict";

                          Chrome Cache Entry: 415

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with very long lines (20990)
                          Category:downloaded
                          Size (bytes):304642
                          Entropy (8bit):5.142444669655825
                          Encrypted:false
                          SSDEEP:
                          MD5:97CD1CAF0D57E82F1B64A0ED4A9D54FD
                          SHA1:1A2E8BDDBB7A69F18C595D85E8D12DCC6E036BE8
                          SHA-256:755A22D4B8602F33AFDF12370046793172AF332A3FC57EDF604F3E7287786E62
                          SHA-512:6DD777E87028409A90C0BD31F6816A9576E39E1DF9469E27866C495347A89229D111DC7B213DACFF1FE140AFCD8A157F6F698FD9546790F517D4F96FB09357EF
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi/js/custom.min.js?ver=4.0.6
                          Preview:/*! ET et_shortcodes_frontend.js */.!function($){$.fn.et_shortcodes_switcher=function(options){options=$.extend({slides:">div",activeClass:"active",linksNav:"",findParent:!0,lengthElement:"li",useArrows:!1,arrowLeft:"a#prev-arrow",arrowRight:"a#next-arrow",auto:!1,autoSpeed:5e3,slidePadding:"",pauseOnHover:!0,fx:"fade",sliderType:""},options);return this.each(function(){var $activeSlide,$nextSlide,$et_shortcodes_mobile_controls,slidesContainer=jQuery(this).parent().css("position","relative"),$slides=jQuery(this).css({overflow:"hidden",position:"relative"}),$slides_wrapper_box=slidesContainer.find(".et-tabs-content-wrapper"),$slides_wrapper=$slides_wrapper_box.parent(),$slide=$slides.find(".et-tabs-content-wrapper"+options.slides),slidesNum=$slide.length,currentPosition=1,slides_wrapper_width=$slides_wrapper.width();if("slide"===options.fx&&($slides_wrapper_box.width(200*(slidesNum+2)+"%"),$slide.css({width:slides_wrapper_width,visibility:"visible"}),$slides_wrapper_box.append($slide.fi

                          Chrome Cache Entry: 416

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1742)
                          Category:downloaded
                          Size (bytes):2242
                          Entropy (8bit):4.875114075575898
                          Encrypted:false
                          SSDEEP:
                          MD5:2D2B907716B25AE5CD508979A8EEACAF
                          SHA1:7001010E6700C30FC135557718B35F5AB06F0F36
                          SHA-256:8A41AB5467C12FA500A501200063CE8CA9690051513860BD44135BB996380E33
                          SHA-512:E5BDF070CA12A0B26AEFDCC5E2DB0A05972089F20559AC3E8D9AD4EEFA90BD320102407922A4DD4653064B10D4D43C0E34F0AEB14F84991F148D039632A159FB
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/nux/style.min.css?ver=5.3.17
                          Preview:.nux-dot-tip:after,.nux-dot-tip:before{border-radius:100%;content:" ";pointer-events:none;position:absolute}.nux-dot-tip:before{animation:nux-pulse 1.6s cubic-bezier(.17,.67,.92,.62) infinite;background:rgba(0,115,156,.9);height:24px;left:-12px;top:-12px;transform:scale(.33333);width:24px}.nux-dot-tip:after{background:#00739c;height:8px;left:-4px;top:-4px;width:8px}@keyframes nux-pulse{to{background:rgba(0,115,156,0);transform:scale(1)}}.nux-dot-tip .components-popover__content{padding:5px 41px 5px 20px;width:350px}@media (min-width:600px){.nux-dot-tip .components-popover__content{width:450px}}.nux-dot-tip .components-popover__content .nux-dot-tip__disable{position:absolute;right:0;top:0}.nux-dot-tip.is-top{margin-top:-4px}.nux-dot-tip.is-bottom{margin-top:4px}.nux-dot-tip.is-middle.is-left{margin-left:-4px}.nux-dot-tip.is-middle.is-right{margin-left:4px}.nux-dot-tip.is-top .components-popover__content{margin-bottom:20px}.nux-dot-tip.is-bottom .components-popover__content{margin-top:20

                          Chrome Cache Entry: 417

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:SVG Scalable Vector Graphics image
                          Category:downloaded
                          Size (bytes):4458
                          Entropy (8bit):4.980124440389103
                          Encrypted:false
                          SSDEEP:
                          MD5:E20C27B5D8A7703EDACF4DDB6DB909C1
                          SHA1:40A910A423FF0DE806E6C6FD4DBB2CBBAD56723C
                          SHA-256:E2EA9A55B25162F88177141D074841F48A6883AE24C6C6560B163BFAC705013A
                          SHA-512:556FF86CA2B0B9F1826F325616650C74515DB195A06E91FACC21D8A123FA9AEA7BFAD02722A44EB776EED884DF543DAF9FD925255341934D15C4B464C4D0B986
                          Malicious:false
                          Reputation:unknown
                          URL:https://d1f8f9xcsvx3ha.cloudfront.net/pinhole/spin.svg
                          Preview:<svg width='100px' height='100px' xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" preserveAspectRatio="xMidYMid" class="uil-default"><rect x="0" y="0" width="100" height="100" fill="none" class="bk"></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#ccc' transform='rotate(0 50 50) translate(0 -30)'> <animate attributeName='opacity' from='1' to='0' dur='1s' begin='0s' repeatCount='indefinite'/></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#ccc' transform='rotate(21.176470588235293 50 50) translate(0 -30)'> <animate attributeName='opacity' from='1' to='0' dur='1s' begin='0.058823529411764705s' repeatCount='indefinite'/></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#ccc' transform='rotate(42.35294117647059 50 50) translate(0 -30)'> <animate attributeName='opacity' from='1' to='0' dur='1s' begin='0.11764705882352941s' repeatCount='indefinite'/></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#c

                          Chrome Cache Entry: 418

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (41045), with no line terminators
                          Category:downloaded
                          Size (bytes):41045
                          Entropy (8bit):4.930475777136065
                          Encrypted:false
                          SSDEEP:
                          MD5:612B7AB9F699E968F5B3206CA16EE834
                          SHA1:12685FD0B83DABB9A2004DD4C74DE4515FEA3013
                          SHA-256:DFD6D929422D1F69A727FB6B525F610562EAB183A333576516BEC0B0503CB049
                          SHA-512:EBFC01EB31143DC78D878E3B1843AF0DCEF727E9F46569B6A41B88E5397A5EBD7BBAE9CCF9BBB575C5DEA6B9AEC0B7BC4D6E9ED957CAB03999D0D7471728B186
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/block-library/style.min.css?ver=5.3.17
                          Preview:.wp-block-audio figcaption{margin-top:.5em;margin-bottom:1em}.wp-block-audio audio{width:100%;min-width:300px}.wp-block-button{color:#fff}.wp-block-button.aligncenter{text-align:center}.wp-block-button.alignright{text-align:right}.wp-block-button__link{background-color:#32373c;border:none;border-radius:28px;box-shadow:none;color:inherit;cursor:pointer;display:inline-block;font-size:18px;margin:0;padding:12px 24px;text-align:center;text-decoration:none;overflow-wrap:break-word}.wp-block-button__link:active,.wp-block-button__link:focus,.wp-block-button__link:hover,.wp-block-button__link:visited{color:inherit}.is-style-squared .wp-block-button__link{border-radius:0}.no-border-radius.wp-block-button__link{border-radius:0!important}.is-style-outline{color:#32373c}.is-style-outline .wp-block-button__link{background-color:transparent;border:2px solid}.wp-block-calendar{text-align:center}.wp-block-calendar tbody td,.wp-block-calendar th{padding:4px;border:1px solid #e2e4e7}.wp-block-calendar t

                          Chrome Cache Entry: 419

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (31997)
                          Category:downloaded
                          Size (bytes):42091
                          Entropy (8bit):5.224899429567009
                          Encrypted:false
                          SSDEEP:
                          MD5:EAC9FFC5C798C8CAACBF4FE188E27461
                          SHA1:B0881E89C732321EEB37B17D9123ED4AEBC8CDCF
                          SHA-256:F7B6329C4977F7477E81A843E0C732CACB8D58C1C514F7E497EB9E103CF9B600
                          SHA-512:7D39B43DBDCB466073981FCB1BFB334ED97A7522B5B078F1ADB6824807B388EEC267548708049D4C3B297A1384428837326C04BCFEA1895A2FB6BB372448626E
                          Malicious:false
                          Reputation:unknown
                          URL:https://d1f8f9xcsvx3ha.cloudfront.net/sbl/0.8.9/fastspring-builder.min.js?ver=1
                          Preview:/*! fastspring-builder 0.8.2 */..!function(){"use strict";function a(a){if(void 0===a||null===a)return!0;for(var b in a)if(a.hasOwnProperty(b))return!1;return JSON.stringify(a)===JSON.stringify({})}function b(a){if(g.debug||d.storage.getItem("debug")){var b=Array.prototype.slice.call(arguments);"string"==typeof a&&b.unshift("[FastSpring API] "+b.shift()),console.log.apply(console,b)}}function c(a){var b=Array.prototype.slice.call(arguments);"string"==typeof a&&b.unshift("[FastSpring API] "+b.shift()),(console.error||console.log).apply(console,b)}var d={merge:function(a,b){for(var c in b)if(b.hasOwnProperty(c))try{"products"===c?(a.products=a.products||[],a.products=a.products.concat(b.products)):"object"==typeof a[c]?a[c]=d.merge(a[c],b[c]):a[c]=b[c]}catch(d){a[c]=b[c]}return a},returnMeaningful:function(a){a.reverse();var b={},c=[];return a.forEach(function(a){b.hasOwnProperty(a.path)||(b[a.path]=!0,c.push(a))}),c},runCallback:function(a,b){"function"==typeof a&&a.apply(null,b)}},e=!0

                          Chrome Cache Entry: 420

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (10927)
                          Category:downloaded
                          Size (bytes):13849
                          Entropy (8bit):4.974421699974807
                          Encrypted:false
                          SSDEEP:
                          MD5:D6AEFFD9E0126160FF89D369C05A5FBE
                          SHA1:8480B15AD38E8E1D67960E72B513FA4F463E2CC1
                          SHA-256:95309410230B1D3148E52211DCEE018BFA011A2D69E9D7D6F81164035E8518A0
                          SHA-512:A8651BCED7F7B2F99BDEF53B45C83665A7B9930666F59F89A86B53F646E968EFAE932BEC907CF45CCADD05DFDB5C8D9C494C16008A282A46B662E5CBB7BC3C09
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/wp-emoji-release.min.js?ver=5.3.17
                          Preview:// Source: wp-includes/js/twemoji.min.js.var twemoji=function(){"use strict";var f={base:"https://twemoji.maxcdn.com/v/12.1.3/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return a(d);return a(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:i},onerror:function(){this.parentNode&&this.parentNode.replaceChild(g(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u||(u={callback:u});return("string"==typeof d?function(d,t){return o(d,function(d){var u,f,c=d,e=x(d),a=t.callback(e,t);if(e&&a){for(f in c="<img ".concat('class="',t.className,'" ','draggable="false" ','alt="',d,'"',' src="',a,'"'),u=t.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(b,n),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,a,t,b,n,r,o,i,s,l=function d(u,f){var c,e,a=u.childNodes,t=a.length;for(;t--;)c=a[t],3===(e=c.nodeType)?f.push(c):1!==e

                          Chrome Cache Entry: 421

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1686), with no line terminators
                          Category:downloaded
                          Size (bytes):1686
                          Entropy (8bit):5.080340211644716
                          Encrypted:false
                          SSDEEP:
                          MD5:C4637B83A3287AF6327461C1E6E57B85
                          SHA1:6D4D80411DE005CD82F2BC5CFC7DDE906699BA35
                          SHA-256:B1CA48F3E73D0BB88AC3FE40DEE51B458B853C83CD1AAED9B475D91216B5275B
                          SHA-512:F01F8BFD3AEF331CCB6760DFC50AAF3828FF5CB8004D56A64379B8843801A1CA3B4A25A18C69F91E068D78A991648A59437F41EBC3D22B5114C990F9CB644B6E
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/is-shallow-equal.min.js?ver=1.6.1
                          Preview:this.wp=this.wp||{},this.wp.isShallowEqual=function(r){var t={};function e(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:!1,exports:{}};return r[n].call(o.exports,o,o.exports,e),o.l=!0,o.exports}return e.m=r,e.c=t,e.d=function(r,t,n){e.o(r,t)||Object.defineProperty(r,t,{enumerable:!0,get:n})},e.r=function(r){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(r,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(r,"__esModule",{value:!0})},e.t=function(r,t){if(1&t&&(r=e(r)),8&t)return r;if(4&t&&"object"==typeof r&&r&&r.__esModule)return r;var n=Object.create(null);if(e.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:r}),2&t&&"string"!=typeof r)for(var o in r)e.d(n,o,function(t){return r[t]}.bind(null,o));return n},e.n=function(r){var t=r&&r.__esModule?function(){return r.default}:function(){return r};return e.d(t,"a",t),t},e.o=function(r,t){return Object.prototype.hasOwnProperty.call(r,t)},e.p="",e(e.s="mNmh")}({"1O94":function(r,t,e){"use strict

                          Chrome Cache Entry: 422

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (9833), with no line terminators
                          Category:downloaded
                          Size (bytes):9833
                          Entropy (8bit):5.017683582720058
                          Encrypted:false
                          SSDEEP:
                          MD5:519100ED09B88608579D2F022D1C19AC
                          SHA1:AF1DD76F502677BC37555958DF67656132E4D306
                          SHA-256:61C4B9EB3CCEBE2D1A29EDE778BFE99168F869C858278E61B02E29A861945BCF
                          SHA-512:B0ABDA8AAE689D675798C5D0E2E4F252C06F804BD6E33343A116BAFAA2269AD7D917C899B9E502C62CC45AFF86CA989930D936CCBEB184D19356355A2FB46F7B
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/redux-routine.min.js?ver=3.6.2
                          Preview:this.wp=this.wp||{},this.wp.reduxRoutine=function(t){var r={};function e(n){if(r[n])return r[n].exports;var u=r[n]={i:n,l:!1,exports:{}};return t[n].call(u.exports,u,u.exports,e),u.l=!0,u.exports}return e.m=t,e.c=r,e.d=function(t,r,n){e.o(t,r)||Object.defineProperty(t,r,{enumerable:!0,get:n})},e.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},e.t=function(t,r){if(1&r&&(t=e(t)),8&r)return t;if(4&r&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(e.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&r&&"string"!=typeof t)for(var u in t)e.d(n,u,function(r){return t[r]}.bind(null,u));return n},e.n=function(t){var r=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(r,"a",r),r},e.o=function(t,r){return Object.prototype.hasOwnProperty.call(t,r)},e.p="",e(e.s="+ekt")}({"+ekt":function(t,r,e){"use strict";

                          Chrome Cache Entry: 423

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with very long lines (38766)
                          Category:downloaded
                          Size (bytes):84040
                          Entropy (8bit):4.832766610880036
                          Encrypted:false
                          SSDEEP:
                          MD5:D442D0B49260043B2F1B9A4BBDF68B8B
                          SHA1:BF61E8920114C2812C1E0A2F2C91CBABB74A112C
                          SHA-256:6F944D84934DA070B5F32592C470E6D63EC33393B75830B1918C77B610990127
                          SHA-512:C4F5738AFEEF8CF96C0721AE69366921C789FE673B58E54C9E3BFA91C5DD68CCDDF88E6657790A958FDBC90E2EFEC44933726BCB1659B542C71DBA2FE9E8FFC1
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/block-editor/style.min.css?ver=5.3.17
                          Preview:@charset "UTF-8";.block-editor-block-drop-zone{border:none;border-radius:0}.block-editor-block-drop-zone .components-drop-zone__content,.block-editor-block-drop-zone.is-dragging-over-element .components-drop-zone__content{display:none}.block-editor-block-drop-zone.is-close-to-bottom,.block-editor-block-drop-zone.is-close-to-top{background:none}.block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #0085ba}body.admin-color-sunrise .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #d1864a}body.admin-color-ocean .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #a3b9a2}body.admin-color-midnight .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #e14d43}body.admin-color-ectoplasm .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #a7b656}body.admin-color-coffee .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #c2a68c}body.admin-color-blue .block-editor-block-drop-zone.is-close-to-top{border-top:

                          Chrome Cache Entry: 424

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (8738), with CRLF, LF line terminators
                          Category:downloaded
                          Size (bytes):42691
                          Entropy (8bit):5.328444657020203
                          Encrypted:false
                          SSDEEP:
                          MD5:FA28031C475CE1016A9DE5319754C25C
                          SHA1:037DB02A2F0F28D9B78E7B299D25F479411F57A1
                          SHA-256:1FB061B4B047A26270C4E67685A8F2B8106DED67218EDDA1E8838FB50091025E
                          SHA-512:5B846FE60B9F4F9938B9983E0A6C064B30889DD54E9933B4A54C6A5B90053CD47B82E09E22898E6FDD7C265A80C2E93FEC1CDF8F4A780B547E896085B65B6152
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/download-ortelia-curator/
                          Preview:<!DOCTYPE html>.<html lang="en-US">.<head>..<meta charset="UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=edge">..<link rel="pingback" href="https://ortelia.com/ortelia-11-2016/xmlrpc.php" />...<script type="text/javascript">...document.documentElement.className = 'js';..</script>...<title>Ortelia Curator Download Page - Ortelia Interactive</title>.. This site is optimized with the Yoast SEO plugin v13.0 - https://yoast.com/wordpress/plugins/seo/ -->.<meta name="description" content="Download 14 day free trial of Ortelia Curator Exhibition Design Software. Making exhibition design a breeze. Designed to keep your creativity in motion."/>.<meta name="robots" content="max-snippet:-1, max-image-preview:large, max-video-preview:-1"/>.<link rel="canonical" href="https://ortelia.com/download-ortelia-curator/" />.<meta property="og:locale" content="en_US" />.<meta property="og:type" content="article" />.<meta property="og:title" content="Ortelia Curator Download Page - Ortelia In

                          Chrome Cache Entry: 425

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (7711)
                          Category:downloaded
                          Size (bytes):322004
                          Entropy (8bit):5.566274484619365
                          Encrypted:false
                          SSDEEP:
                          MD5:61147DDAE2C0D867508F0EF82BB421E3
                          SHA1:37228E86A469E8A3CB08F817E04DA920D96C801D
                          SHA-256:883DB0CDC113219F58AF40EE492F34709ED91D2C17BFCD6E57E86E5AB4823142
                          SHA-512:29EF6AA01C9CDE86B91FEEFFDD38847406DDD0E7D9175AD83C119FC463D6045F14B67AB7B801CA036CDB0BB2FB21D7CAEF9D20E6591CA414C729B4850AFB86FC
                          Malicious:false
                          Reputation:unknown
                          URL:https://www.googletagmanager.com/gtag/js?id=G-001DRFK6ZD
                          Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":17,"vtp_value":true,"tag_id":113},{"function":"__ogt_referral_exclusion","priority":17,"vtp_includeConditions":["list","ortelia\\.com"],"tag_id":115},{"function":"__ogt_session_timeout","priority":17,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":116},{"function":"__ogt_1p_data_v2","priority":17,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":""

                          Chrome Cache Entry: 426

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
                          Category:downloaded
                          Size (bytes):48236
                          Entropy (8bit):7.994912604882335
                          Encrypted:true
                          SSDEEP:
                          MD5:015C126A3520C9A8F6A27979D0266E96
                          SHA1:2ACF956561D44434A6D84204670CF849D3215D5F
                          SHA-256:3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
                          SHA-512:02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
                          Malicious:false
                          Reputation:unknown
                          URL:https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
                          Preview:wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S*...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2...*......C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

                          Chrome Cache Entry: 427

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1665), with no line terminators
                          Category:downloaded
                          Size (bytes):1665
                          Entropy (8bit):5.043142754557988
                          Encrypted:false
                          SSDEEP:
                          MD5:850A2B486B7ECF4EF41CF1AE19F8856E
                          SHA1:8051EC6FCEEC9D4855FDCABFFD3C67831D2B1C31
                          SHA-256:001B773686A6848DDFFA98BEC9A2B5EC7A2CFE68395C3815644707175C0A3742
                          SHA-512:26879514D7A2B9D68F39FCE52BC1A7135F42DB8C9F6525F37366D6F3EA0475859EACF19905A1CF1F6DC0227702E382D8B4888470F8E19DBB9FB54291DA956B11
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/deprecated.min.js?ver=2.6.1
                          Preview:this.wp=this.wp||{},this.wp.deprecated=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="+BeG")}({"+BeG":function(e,t,n){"use strict";n.

                          Chrome Cache Entry: 428

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with very long lines (18418), with no line terminators
                          Category:downloaded
                          Size (bytes):18448
                          Entropy (8bit):4.918699221339293
                          Encrypted:false
                          SSDEEP:
                          MD5:84137FBDB381A4AC10C3B0AE548615E2
                          SHA1:19C99EFF0C10267FF8A955994CF302461E22B6CA
                          SHA-256:810D35CD3AFD2969EA108F833262A6137A82F41A725D4B08E345D0C232768720
                          SHA-512:503B324F0F8722F54502440D58FF473D351D9E8641B1E8427FF4095FB16C12C942168C75A96A000392D2AAFF2C4AA912DBA86F1749A2915ACE3A30F5C94784F7
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/editor/style.min.css?ver=5.3.17
                          Preview:@charset "UTF-8";.editor-autocompleters__block .editor-block-icon{margin-right:8px}.editor-autocompleters__user .editor-autocompleters__user-avatar{margin-right:8px;flex-grow:0;flex-shrink:0;max-width:none;width:24px;height:24px}.editor-autocompleters__user .editor-autocompleters__user-name{white-space:nowrap;text-overflow:ellipsis;overflow:hidden;max-width:200px;flex-shrink:0;flex-grow:1}.editor-autocompleters__user .editor-autocompleters__user-slug{margin-left:8px;color:#8f98a1;white-space:nowrap;text-overflow:ellipsis;overflow:none;max-width:100px;flex-grow:0;flex-shrink:0}.editor-autocompleters__user:hover .editor-autocompleters__user-slug{color:#66c6e4}.document-outline{margin:20px 0}.document-outline ul{margin:0;padding:0}.document-outline__item{display:flex;margin:4px 0}.document-outline__item a{text-decoration:none}.document-outline__item .document-outline__emdash:before{color:#e2e4e7;margin-right:4px}.document-outline__item.is-h2 .document-outline__emdash:before{content:"."}

                          Chrome Cache Entry: 429

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1408), with no line terminators
                          Category:downloaded
                          Size (bytes):1408
                          Entropy (8bit):5.0465504067648155
                          Encrypted:false
                          SSDEEP:
                          MD5:B57FE2AA7B3B16F6203A374CDDBB010D
                          SHA1:F187CFCC266946FEB3BF8D56B2CE27EFD9B16332
                          SHA-256:6A101E8471851CBDFEB1BD444E3DECA13B7AF3110FC207C3CE5BE72585D93EA2
                          SHA-512:26F2FE74B07930E0B7F0F7F7DD605C79604EE381274B6A3FA20F633E9087F889E6A777BDD898C92EB754DA92DF439FFCF3B00534D3BDADB150DDDD173F247E5A
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/blob.min.js?ver=2.5.1
                          Preview:this.wp=this.wp||{},this.wp.blob=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="ca5x")}({ca5x:function(e,t,n){"use strict";n.r(t),n.d

                          Chrome Cache Entry: 430

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text
                          Category:downloaded
                          Size (bytes):5533
                          Entropy (8bit):5.039013935080485
                          Encrypted:false
                          SSDEEP:
                          MD5:13B2F87FB1E96DEF14F89E1ED9F9E1AD
                          SHA1:646E4A80A344009C6887C045E804C75529F92EA5
                          SHA-256:A4F6E138D459D8545A38365BD53345973FBB0092D834209C8AB4BB66F32D2E01
                          SHA-512:80B43C26E0FC0CDCB8672DB4904B4B6A4BAF518ED109E97BA6F79B2299B9D18C38F52DD18AEF181C4E36EDD3CE068CC96EDEADCE8CDFDBE186C8235EE8607442
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi-child/style.css?ver=4.0.6
                          Preview:/*. Theme Name: Divi Child Theme. Description: A child theme of the Divi default WordPress theme. Author: Alexandra Jarossay. Template: Divi. Version: 1.0.0.*/. .@import url("../Divi/style.css");. ./* =Theme customization starts here.------------------------------------------------------- */../*. * Layout. */..et_pb_text_inner{...}..et_pb_row_6 {. padding: 0;.}..et_pb_column_1_6 {. margin: 0 !important; . width: 16.66667% !important;.}..et_pb_column_1_6 .et_pb_text {. display: flex;. justify-content: center;. align-items: center;. height: 80px;.}..et_pb_column_1_6 .et_pb_text p{. text-align: center;.}../*. * Custom Post. */. #content-area {. max-width: 700px; . margin: 0 auto;. }. ..custom_post_meta_wrapper {. background-color: #fff;. padding-top: 100px;. text-align: center;.}...custom_post_meta_wrapper h1.entry-title {. max-width: 700px;. font-size: 50px;. text-align: center;. margin: 30px auto;. line-height: 1.3;.}...custom_post_m

                          Chrome Cache Entry: 431

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (32058), with no line terminators
                          Category:downloaded
                          Size (bytes):32058
                          Entropy (8bit):5.146812459954578
                          Encrypted:false
                          SSDEEP:
                          MD5:2F8B571930D23AF71C674187F3779580
                          SHA1:B2FD9AA8B89FE0CCB8DC51FC6ADB7BB1ECA1CF2B
                          SHA-256:56ECF00DDD8D2FE0B57C54E9D0FB04467CBE2DA325D8DDA48A1EFCDF64FBEAD5
                          SHA-512:6E175C593D1369C6A66E8EFF2231E7441407A0DC5D0C441C80E05337E68F874C0BB939AEF937BB3D5C72074A2B22B24276B0027F2732A87EF17F5873A71E93CC
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/data.min.js?ver=4.9.2
                          Preview:this.wp=this.wp||{},this.wp.data=function(t){var e={};function r(n){if(e[n])return e[n].exports;var o=e[n]={i:n,l:!1,exports:{}};return t[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}return r.m=t,r.c=e,r.d=function(t,e,n){r.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:n})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,e){if(1&e&&(t=r(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)r.d(n,o,function(e){return t[e]}.bind(null,o));return n},r.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(e,"a",e),e},r.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},r.p="",r(r.s="pfJ3")}({"25BE":function(t,e,r){"use strict";function

                          Chrome Cache Entry: 432

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (7081), with no line terminators
                          Category:downloaded
                          Size (bytes):7081
                          Entropy (8bit):5.361388960480087
                          Encrypted:false
                          SSDEEP:
                          MD5:CE765395A05B7D17345A7B4578852CC0
                          SHA1:34C8D11C83FE1ED05D211E214694493F22C49430
                          SHA-256:FACEF80239E29E5D6E89E921124E0EF96704FEC191B7640BD3552DB1E804F514
                          SHA-512:4E77CB36B17A045AF1F36BE47F847BC1541A233CB9E3D87573703C080B11152707C6C7C31CEB9E6A3ECC97C2C6C4EB4A2DBEBCE268E10C94158DF91AB959C087
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/autop.min.js?ver=2.5.1
                          Preview:this.wp=this.wp||{},this.wp.autop=function(e){var r={};function n(t){if(r[t])return r[t].exports;var p=r[t]={i:t,l:!1,exports:{}};return e[t].call(p.exports,p,p.exports,n),p.l=!0,p.exports}return n.m=e,n.c=r,n.d=function(e,r,t){n.o(e,r)||Object.defineProperty(e,r,{enumerable:!0,get:t})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,r){if(1&r&&(e=n(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(n.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var p in e)n.d(t,p,function(r){return e[r]}.bind(null,p));return t},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},n.p="",n(n.s="zbAn")}({DSFK:function(e,r,n){"use strict";function

                          Chrome Cache Entry: 434

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (5555), with no line terminators
                          Category:downloaded
                          Size (bytes):5555
                          Entropy (8bit):5.124616832700892
                          Encrypted:false
                          SSDEEP:
                          MD5:D5B9C5921CFD8CCB98E341DBB57738B3
                          SHA1:2B6D2F220DC7773E587D9A7CF6E8FE94B219F642
                          SHA-256:CAB9228187B0232700F03B182963AD62B2303803D4843AD095492843CA501454
                          SHA-512:3EEBB7723B1D0E19D77E559276691943E9D7CB502648F0EACC13123A476E6FCAF64E3E93C05CD74591A8662F387E3B98810A88BBE91A653C5388FB1309F90852
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/hooks.min.js?ver=2.6.0
                          Preview:this.wp=this.wp||{},this.wp.hooks=function(n){var r={};function e(t){if(r[t])return r[t].exports;var o=r[t]={i:t,l:!1,exports:{}};return n[t].call(o.exports,o,o.exports,e),o.l=!0,o.exports}return e.m=n,e.c=r,e.d=function(n,r,t){e.o(n,r)||Object.defineProperty(n,r,{enumerable:!0,get:t})},e.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})},e.t=function(n,r){if(1&r&&(n=e(n)),8&r)return n;if(4&r&&"object"==typeof n&&n&&n.__esModule)return n;var t=Object.create(null);if(e.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:n}),2&r&&"string"!=typeof n)for(var o in n)e.d(t,o,function(r){return n[r]}.bind(null,o));return t},e.n=function(n){var r=n&&n.__esModule?function(){return n.default}:function(){return n};return e.d(r,"a",r),r},e.o=function(n,r){return Object.prototype.hasOwnProperty.call(n,r)},e.p="",e(e.s="gEOj")}({"25BE":function(n,r,e){"use strict";functio

                          Chrome Cache Entry: 435

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (31997)
                          Category:downloaded
                          Size (bytes):96873
                          Entropy (8bit):5.372169393547772
                          Encrypted:false
                          SSDEEP:
                          MD5:49EDCCEA2E7BA985CADC9BA0531CBED1
                          SHA1:F8747F8EE704D9AF31D0950015E01D3F9635B070
                          SHA-256:1DB21D816296E6939BA1F42962496E4134AE2B0081E26970864C40C6D02BB1DF
                          SHA-512:F766DF685B673657BDF57551354C149BE2024385102854D2CA351E976684BB88361EAE848F11F714E6E5973C061440831EA6F5BE995B89FD5BD2D4559A0DC4A6
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
                          Preview:/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license | WordPress 2019-05-16 */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?a<0?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,fu

                          Chrome Cache Entry: 436

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (526)
                          Category:downloaded
                          Size (bytes):13317
                          Entropy (8bit):5.36938963465719
                          Encrypted:false
                          SSDEEP:
                          MD5:F80458708D0A9701B76D741D35B6722F
                          SHA1:7DF21035302D6FE31FB09AE7A35432DB12A6B352
                          SHA-256:D797BB58F111874A36C0EE0B3504B5E7A6B42D9E84A581D8F70CC0A72AA27B4F
                          SHA-512:1342DE461A251249ABFD196A4E1ECE69ADB3474463CC0CDE237819A201AD1045A3E5863A63049BF7CC1384EE3A4B14BA5569AFAFBC15D98C4AF5D3CA34665B21
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/react.min.js?ver=16.9.0
                          Preview:/** @license React v16.9.0. * react.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */.'use strict';(function(t,q){"object"===typeof exports&&"undefined"!==typeof module?module.exports=q():"function"===typeof define&&define.amd?define(q):t.React=q()})(this,function(){function t(a){for(var b=a.message,c="https://reactjs.org/docs/error-decoder.html?invariant="+b,d=1;d<arguments.length;d++)c+="&args[]="+encodeURIComponent(arguments[d]);a.message="Minified React error #"+b+"; visit "+c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings. ";.return a}function q(a,b,c){this.props=a;this.context=b;this.refs=fa;this.updater=c||ha}function ia(){}function O(a,b,c){this.props=a;this.context=b;this.refs=fa;this.updater=c||ha}function ja(a,b,c){var d=void 0,g={},k=null,e=null;if(null!=b)f

                          Chrome Cache Entry: 437

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (62142)
                          Category:downloaded
                          Size (bytes):156176
                          Entropy (8bit):5.571032440767143
                          Encrypted:false
                          SSDEEP:
                          MD5:A13A80E20F889342C68CFEE9850BC146
                          SHA1:403BB5B331CD343ADED2D8F88A312F90AC6DB2C2
                          SHA-256:1408922173B4B385852383626D3B3BE19835FC47DAB952F226930A5B20EB9A0D
                          SHA-512:E6114F08C47AE3C7954D668AEFEF29AC401112A7AAFD053A4C10D58EDBB393FABBF92B4347BA72BDD8099C5C67419E6B065DC70DCCA8BF0ABF1424D41273AD53
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/blocks.min.js?ver=6.7.3
                          Preview:this.wp=this.wp||{},this.wp.blocks=function(e){var t={};function r(n){if(t[n])return t[n].exports;var a=t[n]={i:n,l:!1,exports:{}};return e[n].call(a.exports,a,a.exports,r),a.l=!0,a.exports}return r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var a in e)r.d(n,a,function(t){return e[t]}.bind(null,a));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="",r(r.s="0ATp")}({"0ATp":function(e,t,r){"use strict";r.r(t)

                          Chrome Cache Entry: 438

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (9322), with no line terminators
                          Category:downloaded
                          Size (bytes):9322
                          Entropy (8bit):5.11823961573372
                          Encrypted:false
                          SSDEEP:
                          MD5:EAF34A70B058CAED1CC33E4EB15BF8DD
                          SHA1:970A758DD312283B3560A42713AC99D6C36C0CC7
                          SHA-256:2EA5DA3376DB367AF52AF4FDE0E02F2FC0F0F6F9C16AF7F2A7071F6F3F371D0B
                          SHA-512:C162A5AF0EE03B20DEC6385280D8D287EE6A30F41476C5953232A83D0FD2D6D7C61F2A4EAED5B65A065BB73A391B4283FCC98738EE2F40407A3D07B9A8A8E3B3
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/element.min.js?ver=2.8.2
                          Preview:this.wp=this.wp||{},this.wp.element=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="o/Ny")}({Ff2n:function(e,t,n){"use strict";functio

                          Chrome Cache Entry: 439

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text
                          Category:downloaded
                          Size (bytes):10134
                          Entropy (8bit):5.5111418130136505
                          Encrypted:false
                          SSDEEP:
                          MD5:983F4D0C8EA4663350F28F7BA051E9BE
                          SHA1:78D3F42047DE76A9C36A46867AC557C67956BAF7
                          SHA-256:F34FB057BB101500E05A36BD0ACBD27316C1FD2621B44A2E1A1B30E743EEA6CA
                          SHA-512:FF438A1DE44E9BCB8AB50DA3B5B2F3A6D093EFB37151C4E99CDC49F9087E9F611D471A1D43F0AE2F46104447EC1D3EE060C5C3A0DFAC9B59A2FC3DA33A00BDB5
                          Malicious:false
                          Reputation:unknown
                          URL:https://fonts.googleapis.com/css?family=Noto+Serif%3A400%2C400i%2C700%2C700i&ver=5.3.17
                          Preview:/* cyrillic-ext */.@font-face {. font-family: 'Noto Serif';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/notoserif/v23/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Lct-FG.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Noto Serif';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/notoserif/v23/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3vct-FG.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Noto Serif';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/notoserif/v23/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Pct-FG.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Noto Serif';.

                          Chrome Cache Entry: 440

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2, orientation=upper-left], baseline, precision 8, 244x79, components 3
                          Category:downloaded
                          Size (bytes):7402
                          Entropy (8bit):7.872248717606417
                          Encrypted:false
                          SSDEEP:
                          MD5:B4CE0B4C33BA7464ABAD27B78AC82F3F
                          SHA1:B74922D7B46C2E8969432BEE3D03C2B56C8A91B7
                          SHA-256:16F4C171696A71A447FA2FEAEAFA6558E68D2A528D8DBC40675325F6D7E6AA19
                          SHA-512:8A2BE7CDADEE39617EF14D5DFB1B34E7E0D097000105308C130B949F8CBF1EFF0133255D586FB7113D7F6AB10A9918050C694D3BBA9F74806A1DE8B0630F24B8
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/uploads/2016/09/ortelia-logo.jpg
                          Preview:......JFIF.....H.H.....XExif..MM.*...................i.........&.........................................O.......8Photoshop 3.0.8BIM........8BIM.%..................B~......O...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................................................................C....................................................................C...................................................................................?.....(.....~../..."..L....]Gn.. v.........V...u......j:.5...Y.Oee*.<Vh~K....F.Hx..v............x.Y.......4.@.p...T...1_I.p.Z.U+>X.?..#....!.?.O....R?d...Iei....E.M+K..o.^..V..d...=....Y?e.BQ..x.M....+r...eo..-.

                          Chrome Cache Entry: 441

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:Unicode text, UTF-8 text, with very long lines (34747), with NEL line terminators
                          Category:downloaded
                          Size (bytes):99133
                          Entropy (8bit):5.413795487854038
                          Encrypted:false
                          SSDEEP:
                          MD5:7D2EF4BB244BAC8A81D13EF4382D168E
                          SHA1:A6FC91F32DB89C2FE0C3EB2D15C13E20C1D6C8A4
                          SHA-256:96ED609B415BE6EE67EADB8D2DE7CE64D13DE9C928BCE8E1373BEC97E233E74C
                          SHA-512:1627BF7D0CCE98331185F075BC85ABC8A1ABC8F4739D187A57F91EC9FDB197276EDAD571DF59490A50167BD4FAEC9706103C01E4FE70ADA4A3BB54C7F2FBECD4
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
                          Preview:!function e(u,c,a){function s(r,t){if(!c[r]){if(!u[r]){var n="function"==typeof require&&require;if(!t&&n)return n(r,!0);if(f)return f(r,!0);var i=new Error("Cannot find module '"+r+"'");throw i.code="MODULE_NOT_FOUND",i}var o=c[r]={exports:{}};u[r][0].call(o.exports,function(t){var n=u[r][1][t];return s(n||t)},o,o.exports,e,u,c,a)}return c[r].exports}for(var f="function"==typeof require&&require,t=0;t<a.length;t++)s(a[t]);return s}({1:[function(t,n,r){"use strict";t(2);var e=function _interopRequireDefault(t){return t&&t.__esModule?t:{default:t}}(t(15));e.default._babelPolyfill&&"undefined"!=typeof console&&console.warn&&console.warn("@babel/polyfill is loaded more than once on this page. This is probably not desirable/intended and may have consequences if different versions of the polyfills are applied sequentially. If you do need to load the polyfill more than once, use @babel/polyfill/noConflict instead to bypass the warning."),e.default._babelPolyfill=!0},{15:15,2:2}],2:[function(

                          Chrome Cache Entry: 442

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, modules
                          Category:downloaded
                          Size (bytes):92400
                          Entropy (8bit):6.338905888169191
                          Encrypted:false
                          SSDEEP:
                          MD5:DE27B3E66B2F8017E000AA9D8D24D60E
                          SHA1:E6D716DE8F35BA6DAF55D57E7FE0ED8D8E50F1F7
                          SHA-256:D201A2C3118A00C82CC48E89815F5139F23956BBE248107DCF522ACC77B97C09
                          SHA-512:F62A3C304DC43B6FC6B8DD8AF84863F9651C8BDCE5BECD35503929482799FBE253C7AAD3A94966713B2CA71C4CCFBB1E67F2ECC30634955284EBC81FD983C238
                          Malicious:false
                          Reputation:unknown
                          URL:https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi/core/admin/fonts/modules.ttf
                          Preview:...........0OS/2...........`cmap..........dgasp............glyf4.v.......[.head.....],...6hhea.A....]d...$hmtxa.c...]....hloca...R..c....6maxp......g(... name.X....gH....post......h.... ...........................3...................................@.........@...@............... .................................H.............~...&........... .............. b.l..........................................79..................79..................79.......I.@...>.#..%265...2764/...'&"....0"1.....2?..... ...........................@...s...............................I.B...@.#..."...'&".....021....27>.?.64'&"...4&. ............................@...........................s........................0.1..2764/.!2654&#!764'&"..0.1......18.1..............s...............................................................(.....3!.....2?.>.7>.58.9.4&'../.&".....!"......s.................................................................I.w.@.*.....326=...2764'.32654&#!".....0"10.1......1.............v.....

                          Chrome Cache Entry: 443

                          Download File
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (1572)
                          Category:downloaded
                          Size (bytes):56115
                          Entropy (8bit):5.347323537885137
                          Encrypted:false
                          SSDEEP:
                          MD5:3C89B4E5563F4BA0410A1D7D4F3AD23E
                          SHA1:6455000459BF2AD68625B8B554A652CC84145261
                          SHA-256:B17609553B24140FC01409B78FA834FE878DE6410FE9E8996B0A5F6A984DDD6D
                          SHA-512:F85D5BA57633E85A9A3DC826A33DE76FF22725DE7398FC0049E1395CD46603F0B1F2E1BB47422BCF0D2D71FC2BA497322CFC40EF5101A3FF25E89757E4F6CA56
                          Malicious:false
                          Reputation:unknown
                          URL:https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic&ver=5.3.17
                          Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Open Sans';. font-style

                          Static File Info

                          No static file info