Summary | ZeroBOX

taxpreperationz.exe

Gen1 NSIS Generic Malware Malicious Library Antivirus UPX Malicious Packer Javascript_Blob Anti_VM ftp PE File PE64 PNG Format OS Processor Check PE32 DLL icon
Category Machine Started Completed
FILE s1_win7_x6402 July 31, 2024, 10:15 a.m. July 31, 2024, 10:17 a.m.
Size 70.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 20bbb7f851683930e080e888e1fd7c5f
SHA256 03062884e40996d142788d7a88b364ff0e59315e085fff2edca7cb453595f6d5
CRC32 F2A4A918
ssdeep 1572864:z4gPXMovLsbc4xHSmkmAC+qko7JXlW24P/ni0ZxoKye247dz7:z4AcmLgc4xHSmz+po7pl3yi0Z+Kyepz7
Yara
  • Malicious_Library_Zero - Malicious_Library
  • NSIS_Installer - Null Soft Installer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 3048
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74035000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1236
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000004bb0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

total_number_of_free_bytes: 0
free_bytes_available: 8402280448
root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer
total_number_of_bytes: 0
1 1 0
file C:\Users\test22\AppData\Local\Temp\nsu35E1.tmp\StdUtils.dll
file C:\Users\test22\AppData\Local\Temp\nsu35E1.tmp\nsis7z.dll
file C:\Users\test22\AppData\Local\Temp\2jw8dig0wrKcDZp2EvtK0J5lq8m\resources\elevate.exe
file C:\Users\test22\AppData\Local\Temp\2jw8dig0wrKcDZp2EvtK0J5lq8m\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe
file C:\Users\test22\AppData\Local\Temp\nsu35E1.tmp\System.dll
section .rsrc size_of_data 0x00009a00 virtual_address 0x0010b000 virtual_size 0x00009930 entropy 7.840789261909748 description A section with a high entropy has been found
entropy 0.538461538462 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeSecurityPrivilege
1 1 0
Time & API Arguments Status Return Repeated

NtWriteFile

offset: 0
file_handle: 0x00000214
filepath: C:\Users\test22\AppData\Local\Temp\nsu35E1.tmp\7z-out\LICENSES.chromium.html
1 0 0

NtWriteFile

offset: 6488064
file_handle: 0x00000260
filepath: C:\Users\test22\AppData\Local\Temp\2jw8dig0wrKcDZp2EvtK0J5lq8m\LICENSES.chromium.html
1 0 0

NtWriteFile

offset: 8388608
file_handle: 0x00000260
filepath: C:\Users\test22\AppData\Local\Temp\2jw8dig0wrKcDZp2EvtK0J5lq8m\LICENSES.chromium.html
1 0 0